Abstract

We present the CIFF proof procedure for abductive logic programming with constraints,
and we prove its correctness. CIFF is an extension of the IFF proof procedure for
abductive logic programming, relaxing the original restrictions over variable quantification
(allowedness conditions) and incorporating a constraint solver to deal with numerical
constraints as in constraint logic programming. Finally, we describe the CIFF System,
comparing it with state-of-the-art abductive systems and answer set solvers and showing
how to use it to program some applications.

(To appear in Theory and Practice of Logic Programming - TPLP). 
KEYWORDS: Abduction, Constraints, Proof procedures. 



1 Introduction 

Abduction has found broad application as a powerful tool for hypothetical reasoning 
with incomplete knowledge. This form of reasoning is handled by labeling some 
pieces of information as abducibles, i.e. as possible hypotheses, that can be assumed 
to hold, provided that they are consistent with the rest of the given information in 
the knowledge base. 

Attempts to make abductive reasoning an effective computational tool have given
rise to Abductive Logic Programming (ALP) which combines abduction with standard
logic programming. A number of abductive proof procedures have been proposed
in the literature, e.g. (Kakas and Mancarella 1990b; Kakas and Mancarella 1990a;
Console et al. 1991; Denecker and De Schreye 1998; Fung and Kowalski 1997). These
differ in that they rely upon different semantics, the most common being the
(generalized) stable models semantics (Kakas and Mancarella 1990b) and the
(three-valued) completion semantics (Kunen 1987). Many of these proof procedures
enrich the expressive power of the abductive framework by allowing the inclusion of
integrity constraints (ICs) to further restrict the range of possible hypotheses.
ALP has also been integrated with Constraint Logic Programming (CLP)
(Jaffar and Maher 1994; Jaffar et al. 1998), in order to combine abductive reasoning
with an arithmetic tool for constraint solving (Kakas et al. 2001; Kakas et al. 2000;
Kowalski et al. 1998; Bressan et al. 1997) (in the sense of CLP, not to be confused
with integrity constraints). In recent years, several proof procedures for ALP with
constraints (ALPC) have been proposed, including ACLP (Kakas et al. 2000) and the
$\mathcal{A}$-System (Kakas et al. 2001).
Important applications of ALP and ALPC include agent programming (Kakas et al. 2008;
Kakas et al. 2004; Sadri et al. 2002), (semantic) web management applications
(Toni 2001), planning and combinatorial problems (Wetzel et al. 1996; Kowalski et al. 1998).

Here we propose CIFF, another proof procedure for ALPC which extends the IFF
procedure (Fung and Kowalski 1997) in two ways, namely (1) by integrating abductive
reasoning with constraint solving, and (2) by relaxing the allowedness conditions
on suitable inputs given in (Fung and Kowalski 1997), in order to be able to
handle a wider class of problems. The CIFF proof procedure has been implemented
in Prolog in the CIFF System (Terreni 2008b).

CIFF features have been exploited in various application domains. In (Kakas et al. 2008;
Kakas et al. 2004) CIFF has been used as the computational core for modelling an
agent's planning, reactivity and temporal reasoning capabilities based on a variant
of the abductive event calculus (Kowalski and Sergot 1986a; Shanahan 1989). Also,
a (slightly modified) prototype version of CIFF for checking and repairing XML web
sites is currently under development (Mancarella et al. 2007; Mancarella et al. 2009;
Terreni 2008a).

We have compared empirically the CIFF System to other related systems, namely
the $\mathcal{A}$-System (Kakas et al. 2001; Van Nuffelen 2004), which is the closest
system from both a theoretical and an implementative viewpoint, and two state-of-the-art
answer set solvers: SMODELS (Niemelä and Simons 1997; Simons 2000) and DLV
(Eiter et al. 1997; Leone et al. 2006). These solvers implement a different (answer
set) semantics (Gelfond and Lifschitz 1991), but share with our approach the
objective of modeling dynamic and non-monotonic settings in a declarative (and thus
human-oriented) way. The results of our tests show that (1) the CIFF System and
the other systems have comparable performances and (2) the CIFF System is able
to handle variables taking values in unbound domains.

The paper is organised as follows. In the next section we give background notions
about ALPC. Section 3 specifies the CIFF proof procedure, while formal results
are shown in Section 4. In Section 5 we briefly describe the CIFF System and in
Section 6 we discuss some related work together with some experimental results.
Finally, Section 7 concludes the paper and proposes some future work.

This paper combines and extends a number of earlier papers: (Endriss et al. 2004b),
defining an earlier version of the CIFF proof procedure, (Endriss et al. 2004a),
(Endriss et al. 2005) and (Mancarella et al. 2007), all defining earlier versions of the
CIFF System.

2 Abductive Logic Programming with Constraints 

We present here some background on ALPC. We will assume familiarity with basic
concepts of Logic Programming (atom, term etc.) as found e.g. in (Lloyd 1987).
We will frequently write $\vec{t}$ for a vector of terms such as $t_1, \ldots, t_k$.
For instance, we are going to write $p(\vec{t})$ rather than $p(t_1, \ldots, t_k)$.
Throughout the paper, to simplify the presentation, we will assume that predicates
cannot have the same name but different arities. Moreover, with an abuse of notation,
we will often use disjunctions and conjunctions as if they were sets, and similarly
for substitutions. In particular, we will abstract away from the position of a
conjunct (respectively disjunct) in a conjunction (respectively disjunction) and we
will apply to disjunctions and conjunctions set-theoretic operations such as union,
inclusion, difference and so on.

An abductive logic program is a tuple (P, A, IC) where: 

• P is a normal logic program, namely a set of clauses of the form:

$p(\vec{s}) \leftarrow l_1(\vec{t}_1) \wedge \ldots \wedge l_n(\vec{t}_n) \qquad n \geq 0$

where $p(\vec{s})$ is an atom and each $l_i(\vec{t}_i)$ is a literal, i.e. an atom
$a(\vec{t})$ or the negation of an atom $a(\vec{t})$, represented as $\neg a(\vec{t})$.
We refer to $p(\vec{s})$ as the head of the clause and to
$l_1(\vec{t}_1) \wedge \ldots \wedge l_n(\vec{t}_n)$ as the body of the clause. A predicate
p occurring in the head of at least one clause in P is called a defined predicate
and the set of clauses in P such that p occurs in their heads is called the
definition set of p.

Any variable in a clause is implicitly universally quantified with scope the 
entire clause. 

• A is a set of predicates, referred to as abducible predicates. Atoms whose
predicate is an abducible predicate are referred to as abducible atoms or simply
as abducibles. Abducible atoms must not occur in the head of any clause of
P (without loss of generality, see (Kakas et al. 1998)).

• IC is a set of integrity constraints which are implications of the form:

$l_1(\vec{t}_1) \wedge \ldots \wedge l_n(\vec{t}_n) \rightarrow a_1(\vec{s}_1) \vee \ldots \vee a_m(\vec{s}_m) \qquad n, m \geq 0,\ n + m \geq 1$

Each of the $l_i(\vec{t}_i)$ is a literal (as defined above) while each of the
$a_i(\vec{s}_i)$ is an atom. We refer to $l_1(\vec{t}_1) \wedge \ldots \wedge l_n(\vec{t}_n)$
as the body and to $a_1(\vec{s}_1) \vee \ldots \vee a_m(\vec{s}_m)$
as the head of the integrity constraint.

Any variable in an integrity constraint is implicitly universally quantified with 
scope the entire implication. 

Given an abductive logic program (P, A, IC), we will refer to the set of all (defined
and abducible) predicates occurring in (P, A, IC) as its Herbrand signature.
Moreover, as is the convention in LP, we will assume as given a Herbrand universe,
namely a set of ground terms. Further, we will refer to all ground atoms whose
predicate belongs to the Herbrand signature of (P, A, IC) and that can be built
using terms in the Herbrand universe as the Herbrand base of (P, A, IC). Finally,
we will refer to Herbrand terms as (ground and non ground) terms whose instances
belong to the Herbrand universe. Then, a query Q to an abductive logic program
(P, A, IC) is a conjunction of literals whose predicate belongs to the Herbrand
signature of (P, A, IC) and whose arguments are Herbrand terms. Any variable
occurring in Q is implicitly existentially quantified with scope Q.

A normal logic program P provides definitions for certain predicates, while
abducibles can be used to extend these definitions to form possible explanations for
queries, which can be regarded as observations against the background of the world
knowledge encoded in the given abductive logic program. Integrity constraints, on
the other hand, restrict the range of possible explanations. Note that, in general, the
set of abducible predicates may not coincide with the set of all predicates without
definitions in P (i.e. the set of open predicates).

Informally, given an abductive logic program (P, A, IC) and a query Q, an
explanation for a query Q is a set of (ground) abducible atoms $\Delta$ that, together
with P, both "entails" (an appropriate ground instantiation of) Q, with respect to
some notion of "entailment", and "satisfies" the set of integrity constraints IC (see
(Kakas et al. 1998) for possible notions of integrity constraint "satisfaction"). The
notion of "entailment" depends on the semantics associated with the logic program
P (there are many different possible choices for such semantics (Kakas et al. 1998)).
The following definition of abductive answer formalizes this informal notion of
explanation.

Definition 2.1 (Abductive answer)

An abductive answer to a query Q with respect to an abductive logic program
(P, A, IC) is a pair $(\Delta, \sigma)$, where $\Delta$ is a finite set of ground abducible
atoms and $\sigma$ is a ground substitution for the (existentially quantified) variables
occurring in Q, such that:

• $P \cup \Delta \models_{LP} Q\sigma$ and

• $P \cup \Delta \models_{LP} IC$

where $\models_{LP}$ stands for the chosen semantics for logic programming.

Given an abductive logic program (P, A, IC), an abductive answer to a query Q 
provides an explanation for Q, understood as an observation: the answer specifies 
which instances of the abducible predicates have to be assumed to hold for the 
(corresponding instances of the) observation Q to hold as well, and, in addition, it 
forces such an explanation to validate the integrity constraints. 

The framework of abductive logic programming can be usefully extended to handle
constraint predicates in the same way Constraint Logic Programming (CLP)
(Jaffar and Maher 1994) extends logic programming. The CLP framework is defined
over a particular structure $\Re$ consisting of a domain $D(\Re)$, and a set of
constraint predicates which includes equality ($=$) and disequality ($\neq$), together
with an assignment of relations on $D(\Re)$ for each constraint predicate. We will refer
to the set of constraint predicates in $\Re$ as the constraint signature (of $\Re$), and to
atoms of the constraint predicates as constraint atoms (over $\Re$).

The structure $\Re$ is equipped with a notion of $\Re$-satisfiability. Given a set of
(possibly non-ground) constraint atoms C, the fact that C is $\Re$-satisfiable will be
denoted as $\models_\Re C$. Moreover we denote as $\sigma \models_\Re C$ the fact that the
grounding $\sigma$ of the variables of C over $D(\Re)$ satisfies C, i.e. C is $\Re$-satisfied.

An abductive logic program with constraints is a tuple $(P, A, IC)_\Re$ with all
components defined as above but where constraint atoms for $\Re$ might occur in the body
of clauses of P and of integrity constraints of IC. Also, queries for abductive logic
programs with constraints might include constraint atoms (over $\Re$). We keep the
notion of Herbrand signature and Herbrand base as before.

The semantics of CLP is obtained by combining the logic programming semantics
$\models_{LP}$ and the notion of $\Re$-satisfiability (Jaffar and Maher 1994). We denote
this semantic notion as $\models_{LP(\Re)}$ and we use it in the notion of abductive
answer with respect to an abductive logic program with constraints.

Definition 2.2 (Abductive answer with constraints)

An abductive answer with constraints to a query Q with respect to an abductive
logic program with constraints $(P, A, IC)_\Re$ is a tuple $(\Delta, \sigma, \Gamma)$, where
$\Delta$ is a finite set of abducible atoms, $\sigma$ is a ground substitution for the
(existentially quantified) variables occurring in Q and $\Gamma$ is a set of constraint
atoms such that

1. there exists a ground substitution $\sigma'$ for the variables occurring in
$\Gamma\sigma$ such that $\sigma' \models_\Re \Gamma\sigma$ and

2. for each ground substitution $\sigma'$ for the variables occurring in $\Gamma\sigma$
such that $\sigma' \models_\Re \Gamma\sigma$, there exists a ground substitution $\sigma''$
for the variables occurring in $Q \cup \Delta \cup \Gamma$, with
$\sigma\sigma' \subseteq \sigma''$, such that:

• $P \cup \Delta\sigma'' \models_{LP(\Re)} Q\sigma''$ and
• $P \cup \Delta\sigma'' \models_{LP(\Re)} IC$.

Example 2.1 

Consider the following abductive logic program with constraints (here we assume
that < is a constraint predicate of $\Re$ with the expected semantics):

P :  $p(X) \leftarrow q(T_1, T_2) \wedge T_1 < X \wedge X < 8$
     $q(X_1, X_2) \leftarrow s(X_1, a)$
A :  $\{r, s\}$
IC : $r(Z) \rightarrow p(Z)$

An abductive answer with constraints for the query $Q = r(6)$ is

$(\{r(6), s(T_1, a)\}, \emptyset, \{T_1 < 6\})$

where $\emptyset$ is the empty set.
Intuitively, given the query $r(6)$, the integrity constraint in IC would fire and force
the atom $p(6)$ to hold, which in turn requires $s(T_1, a)$ for some $T_1 < 6$ to be true.

Considering a non-ground version of the query, for example $Q = r(Y)$, the following
is an abductive answer with constraints:

$(\{r(Y), s(T_1, a)\}, \{Y/5\}, \{T_1 < Y, Y < 8\})$.

3 The CIFF Proof Procedure 

The language of CIFF is the same as that of an abductive logic program with
constraints, but we assume that the special symbols false and true are available.
These will be used, in particular, to represent the empty body (true) and the empty
head (false) of an integrity constraint.

The CIFF framework relies upon the availability of a concrete CLP structure $\Re$ over
arithmetical domains equipped at least with the set $\{<, \leq, >, \geq, =, \neq\}$ of
constraint predicates whose intended semantics is the expected one. The set of constraint
predicates is assumed to be closed under complement. When needed, we will denote
by $\overline{Con}$ the complement of the constraint atom $Con$ (e.g. $\overline{X < 3}$
is $X \geq 3$). We also assume that the constraint domain offers a set of functions like
$+, -, *, \ldots$ whose semantics is again the expected one.

The structure $\Re$ is a black box component in the definition of the CIFF proof
procedure: for handling constraint atoms and evaluating constraint functions, we
rely upon an underlying constraint solver over $\Re$ which is assumed to be both
sound and complete with respect to $\models_\Re$. In particular we will assume that, given
a constraint atom $Con$ and its complement $\overline{Con}$, the formulae
$Con \vee \overline{Con}$ and Con Con are tautologies with respect to the constraint
solver semantics. We do not commit to any concrete implementation of a constraint
solver, hence the range of the admissible arguments to constraint predicates
($D(\Re)$) depends on the specifics of the chosen constraint solver.

The semantics of the CIFF proof procedure is defined in terms of Definition 2.2
where (1) the constraint structure $\Re$ is defined as above, and (2) the semantics
of logic programming is the three-valued completion semantics (Kunen 1987) (we
denote as $\models_{3(\Re)}$ the notion of $\models_{LP(\Re)}$ with respect to that
semantics). We refer to an abductive answer with constraints as a CIFF abductive
answer. Recall that the three-valued completion semantics embeds the Clark Equality
Theory (Clark 1978), denoted by CET, which handles equalities over Herbrand terms.

The CIFF proof procedure operates on a set of iff-definitions obtained from the
completion (Clark 1978) of the defined predicates $p_1, \ldots, p_n$ in the Herbrand
signature of $(P, A, IC)_\Re$.

The completion of a predicate p with respect to $(P, A, IC)_\Re$ is defined as follows.
Assume that the following set of clauses is the definition set of p in $(P, A, IC)_\Re$:

^ Here = is used for equality instead of =, the latter being used to stand for Clark's equality as 
shown later. 

^ Clearly, $\neq$ is the complement of = and vice versa.

$p(\vec{t}_k) \leftarrow D_k$

where each $D_i$ is a conjunction of literals and constraint atoms. The iff-definition
of p is of the form:

$p(\vec{X}) \leftrightarrow [\vec{X} = \vec{t}_1 \wedge D_1] \vee \cdots \vee [\vec{X} = \vec{t}_k \wedge D_k]$

where $\vec{X}$ is a vector of fresh variables (not occurring in any $D_i$ or $\vec{t}_i$)
implicitly universally quantified with scope the entire iff-definition, and all other
variables are implicitly existentially quantified with scope the right-hand side
disjunct in which they occur.

Note that the equality symbol = is used to represent Clark's equality in iff-definitions.
In the sequel, we will refer to = as the equality predicate and to atoms containing
it as equality atoms. Note also that input programs cannot include = explicitly,
= being reserved for Clark's equality in iff-definitions.

If p is a non-abducible, non-constraint, non-equality atom and it does not occur in
the head of any clause of P its iff-definition is of the form:

$p(\vec{X}) \leftrightarrow false$.

Definition 3.1 (CIFF Theory and CIFF Framework)

Let $(P, A, IC)_\Re$ be an abductive logic program with constraints. The CIFF theory
Th relative to $(P, A, IC)_\Re$ is the set of all the iff-definitions of each non-abducible,
non-constraint predicate in the language of $(P, A, IC)_\Re$. Moreover we say that a
CIFF framework is the tuple $(Th, A, IC)_\Re$.

Example 3.1 

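Let us consider the following abductive logic program with constraints $(P, A, IC)_\Re$:

P :  $p(T) \leftarrow s(T)$
     $p(W) \leftarrow W < 8$
A :  $\{s\}$
IC : $r(T) \wedge s(T) \rightarrow p(T)$

The resulting CIFF theory Th is:

$p(X) \leftrightarrow [X = T \wedge s(T)] \vee [X = W \wedge W < 8]$
$r(Y) \leftrightarrow false$.

With explicit quantification, the theory Th would be:

$\forall X\, (p(X) \leftrightarrow [\exists T\, (X = T \wedge s(T))] \vee [\exists W\, (X = W \wedge W < 8)])$
$\forall Y\, (r(Y) \leftrightarrow false)$.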

^ In particular, constraints of the form A = B are not equality atoms but they are (equality) 
constraint atoms. 
Note that Th includes an iff-definition for r even though r occurs only in the
integrity constraints IC. Moreover, there is no iff-definition for the abducible
predicate s. To improve readability and unless otherwise stated, in the remainder we
will write CIFF theories with implicit variable quantification.
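The construction of Definition 3.1 can be carried out mechanically. The following Python sketch is an added example, not code from the CIFF System: it builds the CIFF theory of Example 3.1, assuming terms are only variables or constants (strings, variables starting with an uppercase letter) and naming the fresh head variables X1, X2, ... instead of X and Y.

```python
from collections import namedtuple

# Terms are plain strings: variables start with an uppercase letter (Prolog
# convention), anything else is a constant. Compound terms are out of scope.
Atom = namedtuple("Atom", "pred args")
Lit = namedtuple("Lit", "atom positive")
Clause = namedtuple("Clause", "head body")          # head <- body
Constraint = namedtuple("Constraint", "body head")  # integrity constraint: body -> head

CONSTRAINT_PREDS = {"<", "<=", ">", ">="}  # part of the constraint signature, enough here
INFIX = CONSTRAINT_PREDS | {"="}           # "=" is Clark's equality, produced by completion


def is_var(term):
    return term[:1].isupper()


def fresh_vars(n, used):
    """Return n variable names X1, X2, ... that do not occur in `used`."""
    out, i = [], 0
    while len(out) < n:
        i += 1
        if f"X{i}" not in used:
            out.append(f"X{i}")
    return tuple(out)


def ciff_theory(program, abducibles, ics):
    """Map every non-abducible, non-constraint predicate to (head_vars, disjuncts)."""
    atoms = [c.head for c in program] + [l.atom for c in program for l in c.body]
    for ic in ics:  # predicates that occur only in integrity constraints count too
        atoms += [l.atom for l in ic.body] + list(ic.head)
    arity = {}
    for a in atoms:
        arity.setdefault(a.pred, len(a.args))
    theory = {}
    for pred, n in arity.items():
        if pred in abducibles or pred in CONSTRAINT_PREDS:
            continue  # abducibles and constraint predicates get no iff-definition
        clauses = [c for c in program if c.head.pred == pred]
        used = {t for c in clauses for a in [c.head] + [l.atom for l in c.body]
                for t in a.args if is_var(t)}
        xs = fresh_vars(n, used)
        disjuncts = []
        for c in clauses:  # one disjunct [X = t_i & D_i] per clause p(t_i) <- D_i
            eqs = [Lit(Atom("=", (x, t)), True) for x, t in zip(xs, c.head.args)]
            disjuncts.append(eqs + list(c.body))
        theory[pred] = (xs, disjuncts)  # no clause at all: empty disjunction, i.e. false
    return theory


def show_atom(a):
    if a.pred in INFIX:
        return f"{a.args[0]} {a.pred} {a.args[1]}"
    return f"{a.pred}({', '.join(a.args)})" if a.args else a.pred


def show_definition(pred, theory):
    xs, disjuncts = theory[pred]
    lit = lambda l: show_atom(l.atom) if l.positive else "not " + show_atom(l.atom)
    rhs = " v ".join("[" + (" & ".join(lit(l) for l in d) or "true") + "]"
                     for d in disjuncts)
    return f"{show_atom(Atom(pred, xs))} <-> {rhs or 'false'}"


# The abductive logic program with constraints of Example 3.1.
pos = lambda pred, *args: Lit(Atom(pred, args), True)
PROGRAM = [
    Clause(Atom("p", ("T",)), [pos("s", "T")]),
    Clause(Atom("p", ("W",)), [pos("<", "W", "8")]),
]
ABDUCIBLES = {"s"}
ICS = [Constraint([pos("r", "T"), pos("s", "T")], [Atom("p", ("T",))])]
THEORY = ciff_theory(PROGRAM, ABDUCIBLES, ICS)

if __name__ == "__main__":
    for name in sorted(THEORY):
        print(show_definition(name, THEORY))
```
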

Definition 3.2 (CIFF query)

A CIFF query Q is a conjunction of literals, possibly including constraint literals. 
All the variables in a CIFF query Q are implicitly existentially quantified with 
scope Q. 



Allowedness. Fung and Kowalski (1997) require frameworks for their IFF proof
procedure to meet a number of so-called allowedness conditions to be able to guarantee
the correct operation of their proof procedure. These conditions are designed to
avoid problematic patterns of quantification which can lead to problems analogous
to floundering in LP with negation (Lloyd 1987). These allowedness conditions are
primarily needed to avoid dealing with atomic conjuncts which may contain
universally quantified variables, and also to avoid keeping explicit quantifiers for the
variables which are introduced during an IFF computation.

Informally, the problem arises when a universally quantified variable occurring in a
clause occurs nowhere else in the body except, possibly, in a negative literal or in
an abducible atom.

The IFF proof procedure for abductive logic programming (without constraints)
has the following allowedness conditions:

• an integrity constraint $A \rightarrow B$ is allowed iff every variable in it also
occurs in an atomic conjunct within its body A;

• an iff-definition $p(\vec{X}) \leftrightarrow D_1 \vee \cdots \vee D_n$ is allowed iff
every variable, other than those in $\vec{X}$, occurring in a disjunct $D_i$, also occurs
inside a non-equality atomic conjunct within the same $D_i$;

• a query is allowed iff every variable in it also occurs in an atomic conjunct
within the query itself.

As stated in (Fung and Kowalski 1997), the above allowedness conditions ensure
statically that floundering is avoided. We will refer to a CIFF framework arising
from an abductive logic program without constraints and to a query Q such that
they are allowed as above as IFF allowed.

Also our CIFF frameworks $(Th, A, IC)_\Re$ must be allowed in order to guarantee
the correct operation of CIFF. Unfortunately, it is difficult to formulate appropriate
allowedness conditions that guarantee correct execution of the proof procedure
without imposing too many unnecessary restrictions. This is a well-known problem,
which is further aggravated for languages that include constraint predicates. In
particular, adapting the IFF approach, the allowedness condition for an iff-definition
would be defined as follows:

Definition 3.3 (CIFF Static Allowedness)

A CIFF framework $(Th, A, IC)_\Re$ is CIFF-statically allowed iff it satisfies the
following conditions:

• each integrity constraint $A \rightarrow B \in IC$ is such that every variable in it
also occurs in a non-constraint atomic conjunct within its body A;

• each iff-definition $p(\vec{X}) \leftrightarrow D_1 \vee \cdots \vee D_n \in Th$ is such
that every variable, other than those in $\vec{X}$, occurring in a disjunct $D_i$, also
occurs in a non-equality, non-constraint atomic conjunct within the same $D_i$.

A CIFF query Q is CIFF-statically allowed iff every variable in Q also occurs in a
non-constraint atomic conjunct within the query itself.

Our proposal is to relax the above allowedness conditions, and to check dynamically,
i.e. at runtime, the risk of floundering. Some restrictions are still needed in order
to ensure that the quantification of variables during a CIFF computation can be
kept implicit, both for simplicity and for keeping the IFF style of behaviour.
The new allowedness conditions for CIFF are defined as follows.

Definition 3.4 (CIFF Allowedness)

A CIFF framework $(Th, A, IC)_\Re$ is CIFF-allowed iff every iff-definition in Th is
allowed. An iff-definition $p(\vec{X}) \leftrightarrow D_1 \vee \cdots \vee D_n$ is allowed
iff every variable, other than those in $\vec{X}$, occurring in a disjunct $D_i$, also
occurs inside an atomic conjunct within the same $D_i$.

A CIFF query Q is CIFF-allowed iff every variable in it also occurs in an atomic
conjunct within the query itself.

Note that in this definition there are no restrictions concerning the integrity
constraints. Moreover, it is worth noting that for a query Q, the notions of IFF
allowedness, CIFF static allowedness and CIFF allowedness for Q are identical.

Example 3.2 

The following CIFF framework is CIFF allowed ($P_1$ is the original normal logic
program):

$P_1$ :  $p(Z)$
         $p(Y) \leftarrow \neg q(Y)$
$Th_1$ : $p(X) \leftrightarrow [X = Z] \vee [X = Y \wedge \neg q(Y)]$
         $q(X) \leftrightarrow false$
         $s(X) \leftrightarrow false$
$A_1$ :  $\emptyset$
$IC_1$ : $Z = W \rightarrow s(Z, W)$

It is worth noting that the above CIFF framework is neither CIFF statically allowed
nor IFF allowed (note that there are no constraints in it). Indeed, in $Th_1$, the
variable Z occurs only in an equality atomic conjunct and the variable Y occurs
only in an equality atomic conjunct and in a negative literal. The following CIFF
framework, instead, is not CIFF allowed ($P_2$ is the original normal logic program):

$P_2$ :  $p(Z) \leftarrow \neg q(Z, Y)$
$Th_2$ : $p(X) \leftrightarrow [X = Z \wedge \neg q(Z, Y)]$
         $q(X, Y) \leftrightarrow false$
         $s(X, Y) \leftrightarrow false$
$A_2$ :  $\emptyset$
$IC_2$ : $q(Z, W) \rightarrow s(Z, W)$

The non-allowedness is due to the variable Y in $Th_2$ which occurs only in a negative
literal.

The query $Q = \neg q(V, a)$ is not CIFF allowed (and it is neither CIFF statically
allowed nor IFF allowed) due to the variable V which occurs only in a negative
literal.

Note that in some cases a CIFF framework which is not CIFF allowed can be
turned into a CIFF allowed framework by adding explicit, though useless since
trivially satisfied, constraints over the critical variables (e.g. Y in $Th_2$ above). For
instance, the above non CIFF-allowed framework can be modified by changing the
first clause as follows:

$P_2$ : $p(Z) \leftarrow \neg q(Z, Y) \wedge Y = Y$

Note however that this can be done only if the critical variables such as Y above
are meant to be variables ranging over the domain $D(\Re)$, i.e. they are constraint
variables.

The following example shows how the IFF allowedness requirement forbids the use
of the IFF proof procedure even for simple abductive frameworks where IFF could
compute correct abductive answers.

Example 3.3 

Consider the following CIFF framework:

$P_3$ :  $p(Y)$.
         $q(Z) \leftarrow r(Z) \wedge p(a)$
$Th_3$ : $p(X) \leftrightarrow [X = Y]$
         $q(X) \leftrightarrow [X = Z \wedge r(Z) \wedge p(a)]$
$A_3$ :  $\{r\}$
$IC_3$ : $\emptyset$

The above framework is not IFF allowed due to the variable Y. Consider the query
$q(6)$. Intuitively there is a simple and sound abductive answer for $q(6)$, i.e. $r(6)$
and this could be computed by IFF, were it not for the allowedness restrictions it
imposes on its inputs. Instead, the above framework is CIFF allowed and, as will
become clear, the CIFF proof procedure returns exactly the correct answer.

Until now we have shown only "artificial" examples, but the IFF allowedness
restrictions limit the application of the IFF proof procedure in many realistic settings.
Example 3.4

Abduction is a very interesting solution for modeling agent systems and agent
capabilities. In particular the Abductive Event Calculus (AEC) language
(Kowalski and Sergot 1986b; Miller and Shanahan 2002) is a popular framework for
modeling (among others) planning capabilities of an agent through abductive reasoning.
The following CIFF framework models a fragment of the AEC (definitions for init and
term are omitted for simplicity).

$P_{AEC}$ :  $holds(G, T) \leftarrow happens(A, T_1) \wedge init(A, G) \wedge \neg clip(T_1, G, T) \wedge T_1 < T$
             $clip(T_1, G, T_2) \leftarrow happens(A, T) \wedge term(A, G) \wedge T_1 < T \wedge T < T_2$
$Th_{AEC}$ : $holds(X_1, X_2) \leftrightarrow [X_1 = G \wedge X_2 = T \wedge happens(A, T_1) \wedge init(A, G) \wedge \neg clip(T_1, G, T) \wedge T_1 < T]$
             $clip(X_1, X_2, X_3) \leftrightarrow [X_1 = T_1 \wedge X_2 = G \wedge X_3 = T_2 \wedge happens(A, T) \wedge term(A, G) \wedge T_1 < T \wedge T < T_2]$
$A_{AEC}$ :  $\{happens\}$
$IC_{AEC}$ : $\emptyset$

The above framework is neither an IFF framework due to the presence of constraint
atoms, nor CIFF statically allowed due to the variable T in the first iff-definition
and the variables $T_1$ and $T_2$ in the second iff-definition, violating the allowedness
restrictions stated in Definition 3.3. This is because these variables occur only in
equality and/or constraint atomic conjuncts in the respective disjuncts. However
the framework is CIFF allowed and CIFF can be used for reasoning with it, as
done, e.g., in the KGP model (Kakas et al. 2008).
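The difference between Definitions 3.3 and 3.4 can be checked mechanically. The following Python sketch is an added example, not part of the paper or of the CIFF System: it reports, for each disjunct of an iff-definition, the variables that violate CIFF static allowedness and CIFF allowedness, and runs on the iff-definitions of Examples 3.2 and 3.4. The spelling `#=` for the equality constraint and the string encoding of terms are assumptions of the example.

```python
from collections import namedtuple

Atom = namedtuple("Atom", "pred args")
Lit = namedtuple("Lit", "atom positive")

EQUALITY = "="                              # Clark's equality in iff-definitions
CONSTRAINTS = {"<", "<=", ">", ">=", "#="}  # "#=": assumed spelling of constraint equality


def variables(atom):
    """Variables of an atom; terms are strings and variables start uppercase."""
    return {t for t in atom.args if t[:1].isupper()}


def offenders(conjuncts, bound, excluded_preds):
    """Variables of a conjunction, other than `bound`, that occur in no atomic
    (i.e. positive) conjunct whose predicate lies outside `excluded_preds`."""
    everything, covered = set(), set()
    for lit in conjuncts:
        everything |= variables(lit.atom)
        if lit.positive and lit.atom.pred not in excluded_preds:
            covered |= variables(lit.atom)
    return everything - covered - set(bound)


def check_definition(head_vars, disjuncts):
    """Offending variables per disjunct under Definition 3.3 and Definition 3.4.

    Without constraint atoms the "static" result coincides with IFF allowedness."""
    return {
        "static": [offenders(d, head_vars, CONSTRAINTS | {EQUALITY}) for d in disjuncts],
        "ciff": [offenders(d, head_vars, set()) for d in disjuncts],
    }


def check_query(literals):
    """Variables that make a query not CIFF allowed (empty set: allowed)."""
    return offenders(literals, (), set())


def allowed(report, kind):
    return not any(report[kind])


pos = lambda pred, *args: Lit(Atom(pred, args), True)
neg = lambda pred, *args: Lit(Atom(pred, args), False)

# Example 3.2: iff-definitions of p in Th_1 and Th_2, and Th_2 after adding Y = Y.
TH1_P = (("X",), [[pos("=", "X", "Z")], [pos("=", "X", "Y"), neg("q", "Y")]])
TH2_P = (("X",), [[pos("=", "X", "Z"), neg("q", "Z", "Y")]])
TH2_P_FIXED = (("X",), [[pos("=", "X", "Z"), neg("q", "Z", "Y"), pos("#=", "Y", "Y")]])
QUERY = [neg("q", "V", "a")]

# Example 3.4: the two iff-definitions of Th_AEC.
HOLDS = (("X1", "X2"), [[
    pos("=", "X1", "G"), pos("=", "X2", "T"), pos("happens", "A", "T1"),
    pos("init", "A", "G"), neg("clip", "T1", "G", "T"), pos("<", "T1", "T")]])
CLIP = (("X1", "X2", "X3"), [[
    pos("=", "X1", "T1"), pos("=", "X2", "G"), pos("=", "X3", "T2"),
    pos("happens", "A", "T"), pos("term", "A", "G"),
    pos("<", "T1", "T"), pos("<", "T", "T2")]])

if __name__ == "__main__":
    for name, d in [("Th1 p", TH1_P), ("Th2 p", TH2_P), ("Th2 p fixed", TH2_P_FIXED),
                    ("holds", HOLDS), ("clip", CLIP)]:
        r = check_definition(*d)
        print(f"{name}: CIFF allowed={allowed(r, 'ciff')} "
              f"statically allowed={allowed(r, 'static')} {r}")
    print("query offenders:", check_query(QUERY))
```
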

In the remainder of the paper, we will always assume that CIFF frameworks and 
CIFF queries are CIFF allowed. For simplicity, from here onwards, with the word 
allowed we mean CIFF allowed, unless otherwise explicitly stated. 



3.1 CIFF Proof Rules

The CIFF proof procedure is a rewriting procedure, consisting of a number of CIFF
proof rules, each of which replaces a CIFF formula by another one.
In the remainder, a negative literal $L = \neg A$, everywhere in a CIFF framework, in
a CIFF query, or in a CIFF formula, will be written in implicative form, i.e. $\neg A$ is
written as $A \rightarrow false$.

Hence, in this context a literal is either an atom A or an implication $A \rightarrow false$.
A special case of such implication is given by the next definition.

Definition 3.5 (CIFF Disequality)

A CIFF disequality is an implication of the form

$X = t \rightarrow false$

where X is an existentially quantified variable and t is a term not in the form of a
universally quantified variable and such that X does not occur in t.

Definition 3.6 (CIFF formula, CIFF node and CIFF conjunct)

A CIFF formula is a disjunction

$N_1 \vee \ldots \vee N_n \qquad n \geq 0$.

If n = 0, the disjunction is equivalent to false.

Each disjunct $N_i$ is a CIFF node which is of the form:

$C_1 \wedge \ldots \wedge C_m \qquad m \geq 0$.

If m = 0, the conjunction is equivalent to true. Each conjunct $C_j$ is a CIFF conjunct
and it can be of the form of:

• an atom (atomic CIFF conjunct),

• an implication (implicative CIFF conjunct, including negative literals) or

• a disjunction of conjunctions of literals (disjunctive CIFF conjunct)

where implications are of the form:

$L_1 \wedge \ldots \wedge L_t \rightarrow A_1 \vee \ldots \vee A_s \qquad s, t \geq 1$,

where each $L_i$ is a literal (possibly false or true) and each $A_i$ is an atom (possibly
false or true).

In the sequel we will refer to $L_1 \wedge \ldots \wedge L_t$ as the body of the implication
and to $A_1 \vee \ldots \vee A_s$ as the head of the implication.

In a CIFF node N, variables which appear either in an atomic CIFF conjunct or in
a disjunctive CIFF conjunct are implicitly existentially quantified with scope N. All
the remaining variables, i.e. variables occurring only in implicative CIFF conjuncts,
are implicitly universally quantified with the scope being the implication in which
they appear.

Finally a CIFF node N can have an associated label $\lambda$. We will denote a node
labeled by $\lambda$ as $\lambda : N$.

We are now going to present the CIFF proof rules. In doing that, we treat a CIFF
node as a (multi)set of CIFF conjuncts and a CIFF formula as a (multi)set of CIFF
nodes. I.e. we represent a CIFF formula $F = N_1 \vee \ldots \vee N_n$ as

$\{N_1, \ldots, N_n\}$

where each $N_i$ is a CIFF node, of the form $C_1 \wedge \ldots \wedge C_m$ represented by

$\{C_1, \ldots, C_m\}$

where each $C_j$ is a CIFF conjunct.

Example 3.5

Let us consider the following abductive logic program with constraints $(P, A, IC)_\Re$:

P :  $p \leftarrow a$
     $p \leftarrow b$
A :  $\{a, b, c\}$
IC : $a \rightarrow c$

The CIFF formula $p \wedge (a \rightarrow c)$ (composed of a single node) is represented by:

$\{\{p, (a \rightarrow c)\}\}$.

The CIFF formula $[a \wedge (a \rightarrow c)] \vee [b \wedge (a \rightarrow c)]$, composed of
two CIFF nodes (obtained in CIFF from the earlier nodes as will be seen later)
$N_1 = a \wedge (a \rightarrow c)$ and $N_2 = b \wedge (a \rightarrow c)$ is represented by:

$\{\{a, (a \rightarrow c)\}, \{b, (a \rightarrow c)\}\}$.

Each CIFF proof rule operates over a node N within a formula F and it will result
in a new formula F'. A rule is presented in the following form:

Rule name $\phi$      Input: F, N      Output: F'

Given: a set of CIFF conjuncts $x$ in N
Conditions: a set of conditions over $x$ and N
Action: {replace, replace_all, add, delete} $\Psi$; mark $\lambda$

The Given part identifies a (possibly empty) set of conjuncts $x$ in N within F. A
rule $\phi$ can be applied on a set $x$ of conjuncts of N satisfying the stated Conditions.
We say $\phi$ is applicable to F and we call the set $x$ a rule input for $\phi$. Finally,
the Action part defines both a new set of conjuncts $\Psi$ and an action (replace,
replace_all, add, delete or mark) which states, as described below, how F' is
obtained from F through $\Psi$. In the remainder we will omit to specify the Input
part and the Output part.
Given a rule $\phi$ as above, we denote by

$F \xrightarrow[\phi]{N,\,x} F'$

the application of rule $\phi$ with Input F, N, Given $x$, and Output F'.
Abstracting from the particular action, F' is always derived from F replacing the
node N by a set of nodes $\mathcal{N}$, i.e.:

$F' = F - \{N\} \cup \mathcal{N}$

We refer to $\mathcal{N}$ as the CIFF successor nodes of N and we refer to each node
$N' \in \mathcal{N}$ as a CIFF successor node of N. Each type of action defines
$\mathcal{N}$ as follows:

replace:      $\mathcal{N} = \{(N - x) \cup \Psi\}$
replace_all:  $\mathcal{N} = \{[(N - x) \cup \{D_1\}], \ldots, [(N - x) \cup \{D_k\}]\}$
              where $\Psi = \{D_1 \vee \ldots \vee D_k\}$
add:          $\mathcal{N} = \{N \cup \Psi\}$
delete:       $\mathcal{N} = \{N - \Psi\}$
mark:         $\mathcal{N} = \{\lambda : N\}$

* In the remainder, when we want to refer to a CIFF framework, a CIFF node, a CIFF formula
and so on, we drop the prefix "CIFF" if it is clear from the context.

The mark action does not change the elements in $N$ but it marks the node $N$ with
the label $\lambda$. All the actions, apart from the replace_all action, replace $N$ by a
single successor node.

In the replace_all action, $\Psi$ consists of a single conjunct in disjunctive form, i.e.
$\Psi = \{D_1 \vee \ldots \vee D_k\}$. This action adds to $F$ a set $\mathcal{N}$ of $k$ successor nodes, each of
them obtained from $N$ by deleting $\chi$ and by adding a single disjunct $D_i$.

We are now ready to specify the proof rules in detail. 

In the presentation we are going to write $\vec{t} = \vec{s}$ as a shorthand for $t_1 = s_1 \wedge \cdots \wedge t_k = s_k$
(with the implicit assumption that the two vectors have the same length),
and $[\vec{X}/\vec{t}]$ for the substitution $[X_1/t_1, \ldots, X_k/t_k]$. Note that $X$ and $Y$ will always
represent variables.

Furthermore, in our presentation of the proof rules, we abstract away from the order 
of conjuncts in the body of an implication by writing the body of implications with 
the "critical" conjunct in the first position. 

Recall that, in writing the proof rules, we use implicit variable quantification
described in Definition 3.6.

The first proof rule replaces an atomic conjunct in a node $N$ by its iff-definition:

R1 - Unfolding atoms

Given: { $p(\vec{t})$ }

Conditions: { $[p(\vec{X}) \leftrightarrow D_1 \vee \cdots \vee D_n] \in Th$ }

Action: replace { $(D_1 \vee \cdots \vee D_n)[\vec{X}/\vec{t}]$ }



Note that any variable in $D_1 \vee \cdots \vee D_n$ is implicitly existentially quantified in the
resulting formula $F'$.

We assume that variable renaming may be applied so that all existential variables 
have distinct names in the resulting CIFF node. 

Unfolding can be applied also to atoms occurring in the body of an implication 
yielding one new implication for every disjunct in the corresponding iff-definition: 

R2 - Unfolding within implications 

Given: { $(p(\vec{t}) \wedge B) \to H$ }

Conditions: { $[p(\vec{X}) \leftrightarrow D_1 \vee \cdots \vee D_n] \in Th$ }

Action: replace { $[(D_1[\vec{X}/\vec{t}] \wedge B) \to H], \ldots, [(D_n[\vec{X}/\vec{t}] \wedge B) \to H]$ }

Observe that, within $F'$, any variable in any $D_i$ becomes universally quantified with
scope the implication in which it occurs. Also in rule R2 renaming of variables is
assumed, as discussed for R1.

^ As we will see later, $\lambda$ can only be the label undefined. When clear from the context, we will
represent a CIFF node omitting its label.

The next rule is the propagation rule, which allows us to resolve an atom in the
body of an implication in $N$ with a matching atomic conjunct also in $N$.

R3 - Propagation

Given: { $[(p(\vec{t}) \wedge B) \to H]$, $p(\vec{s})$ }

Conditions: { }

Action: add { $(\vec{t} = \vec{s} \wedge B) \to H$ }

Note that if $p$ has no arguments, $(\vec{t} = \vec{s} \wedge B) \to H$ should be read as $(true \wedge B) \to H$.

The splitting rule is the only rule performing a replace_all action. Roughly speak- 
ing it distributes a disjunction over a conjunction. 
R4 - Splitting 

Given: { $D_1 \vee \cdots \vee D_n$ }

Conditions: { }

Action: replace_all { $D_1 \vee \cdots \vee D_n$ }



The following factoring rule can be used to generate two cases, one in which the 
given abducible atoms unify and one in which they do not: 
R5 - Factoring 

Given: { $p(\vec{t})$, $p(\vec{s})$ }

Conditions: { $p$ abducible }

Action: replace { $[p(\vec{t}) \wedge p(\vec{s}) \wedge (\vec{t} = \vec{s} \to false)] \vee [p(\vec{t}) \wedge \vec{t} = \vec{s}]$ }



The next set of CIFF proof rules are the constraint rules. They manage constraint
atoms and they are, in a sense, the interface to the constraint solver. They also deal
with equalities and CIFF disequalities (see Definition 3.5) which can be delegated
to the constraint solver if their arguments are in the constraint domain $D(\Re)$. The
formal definition of the proof rules is quite complex, hence we first introduce some
useful definitions.

Definition 3.7 (Basic c-atom)

A basic c-atom is either a constraint atom, or an equality atom of the form $A = B$
where $A$ and $B$ are not both variables, and each is either a variable or a term
ranging over the chosen constraint domain $D(\Re)$.

As an example, $X > 3$ and $X = 2$ are both basic c-atoms, whereas $X = Y$ and
$X = a$ are not (where $a \notin D(\Re)$).

Definition 3.8 (Basic c-conjunct and constraint variable)

A basic c-conjunct is a basic c-atom which occurs as a CIFF conjunct in a node. 
A constraint variable is a variable occurring in a basic c-conjunct. 

Note that a constraint variable is always an existentially quantified variable with
its scope the entire CIFF node in which it occurs. This is because it must appear
in a basic c-conjunct (i.e. outside an implication).

Definition 3.9 (c-atom and c-conjunct)

A c-atom is either a basic c-atom or a non-ground equality atom of the form $A = B$
such that all the variables occurring in it are constraint variables.
A c-conjunct is a c-atom which occurs as a CIFF conjunct in a node.

We are now ready to present the first constraint proof rule. 

R6 - Case analysis for constraints 

Given: { $(Con \wedge A) \to B$ }

Conditions: { $Con$ is a c-atom }

Action: replace { $[Con' \wedge (A \to B)] \vee \overline{Con'}$ }



where Con' \s A = B '\i Con \s A = B , and Con' is Con otherwise. 

Observe that as $Con$ is a c-atom, all the variables occurring in it are constraint
variables, thus they are existentially quantified.

The next rule provides the actual constraint solving step itself. It may be applied 
to any set of c-conjuncts in a node, but to guarantee soundness, eventually, it has 
to be applied to the set of all c-conjuncts in a node. To simplify presentation, we 
assume that the constraint solver will fail whenever it is presented with an ill-defined 
constraint such as, say, $bob < 5$ (in the case of a numerical solver). For inputs that
are "well-typed", however, such a situation never arises.

R7 - Constraint solving 

Given: { $Con_1, \ldots, Con_n$ }

Conditions: { each $Con_i$ is a c-conjunct;
$\{Con'_1, \ldots, Con'_n\}$ is not $\Re$-satisfiable }

Action: replace { $false$ }



As in the case of the previous rule, Con'i is obtained from Coni by replacing all 
occurrences of — with ^. 

The next proof rules deal with equalities (which are not constraint atoms to be
handled by the constraint solver) and they rely upon the following rewrite rules
which essentially implement the term reduction part of the unification algorithm of
(Martelli and Montanari 1982):

(1) Replace $f(t_1, \ldots, t_k) = f(s_1, \ldots, s_k)$ by $t_1 = s_1 \wedge \cdots \wedge t_k = s_k$.

(2) Replace $f(t_1, \ldots, t_k) = g(s_1, \ldots, s_l)$ by $false$ if $f$ and $g$ are distinct or $k \neq l$.

(3) Replace $t = t$ by $true$.

(4) Replace $X = t$ by $false$ if $t$ contains $X$.

(5) Replace $t = X$ by $X = t$ if $X$ is a variable and $t$ is not.

(6) Replace $Y = X$ by $X = Y$ if $X$ is a universally quantified variable and $Y$ is
not.

In the following equality rewriting rules, we denote as $\mathcal{E}(e)$ the result of applying
the above rewrite rules (1)-(6) to the equality $e$. If no rewrite rule can be applied
then $\mathcal{E}(e) = e$.
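The rewrite rules (1)-(6) can be exercised directly. The following Python sketch is an added example, not code from the paper or from the CIFF System; the names `Var`, `Fn`, `rewrite` and `reduce_all` are hypothetical, and the order in which the rules are tried (rule (3) first) is an assumption. `rewrite` plays the role of one application of $\mathcal{E}$, and `reduce_all` repeats it the way successive applications of equality rewriting would.

```python
from dataclasses import dataclass

TRUE, FALSE = "true", "false"

@dataclass(frozen=True)
class Var:
    name: str
    universal: bool = False      # False: existentially quantified

@dataclass(frozen=True)
class Fn:
    functor: str
    args: tuple = ()             # Fn("a") is the constant a

def occurs(x, t):
    """True if variable x occurs anywhere in term t."""
    if isinstance(t, Var):
        return t == x
    return any(occurs(x, a) for a in t.args)

def rewrite(lhs, rhs):
    """One application of rules (1)-(6) to the equality lhs = rhs.
    Returns TRUE, FALSE, or a list of (lhs, rhs) equalities."""
    if lhs == rhs:
        return TRUE                                      # rule (3)
    if isinstance(lhs, Fn) and isinstance(rhs, Fn):
        if lhs.functor != rhs.functor or len(lhs.args) != len(rhs.args):
            return FALSE                                 # rule (2)
        return list(zip(lhs.args, rhs.args))             # rule (1)
    if isinstance(lhs, Var) and isinstance(rhs, Fn) and occurs(lhs, rhs):
        return FALSE                                     # rule (4): occurs check
    if isinstance(lhs, Fn) and isinstance(rhs, Var):
        return [(rhs, lhs)]                              # rule (5)
    if (isinstance(lhs, Var) and isinstance(rhs, Var)
            and rhs.universal and not lhs.universal):
        return [(rhs, lhs)]                              # rule (6)
    return [(lhs, rhs)]                                  # no rule applies

def reduce_all(eqs):
    """Rewrite a conjunction of equalities until no rule changes anything.
    Returns FALSE or the list of equalities that remain."""
    work, done = list(eqs), []
    while work:
        lhs, rhs = work.pop(0)
        out = rewrite(lhs, rhs)
        if out == FALSE:
            return FALSE
        if out == TRUE:
            continue
        if out == [(lhs, rhs)]:
            done.append((lhs, rhs))      # stable: kept as it is
        else:
            work = out + work            # rewritten: reconsider the result
    return done

# Constructed sample terms (not from the paper).
X, Y = Var("X"), Var("Y")
U = Var("U", universal=True)
a, b = Fn("a"), Fn("b")
```

What remains after `reduce_all` is the set of oriented equalities of the form variable = term that the substitution rules then propagate.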

R8 - Equality rewriting in atoms 

Given: { $t_1 = t_2$ }

Conditions: { }

Action: replace { $\mathcal{E}(t_1 = t_2)$ }

R9 - Equality rewriting in implications

Given: { $(t_1 = t_2 \wedge B) \to H$ }

Conditions: { }

Action: replace { $(\mathcal{E}(t_1 = t_2) \wedge B) \to H$ }



The following two substitution rules propagate equalities to the rest of the node. In
the first case we assume that $N = (X = t \wedge Rest)$.

R10 - Substitution in atoms

Given: { $X = t$, $Rest$ }

Conditions: { $X \notin t$; $t$ is a Herbrand term }

Action: replace { $X = t$, $(Rest[X/t])$ }

R11 - Substitution in implications

Given: { $(X = t \wedge B) \to H$ }

Conditions: { $X$ universally quantified; $X \notin t$; $t$ is a Herbrand term }

Action: replace { $(B \to H)[X/t]$ }

Note that if $B$ is empty then $(B \to H)[X/t]$ should be read as $(true \to H)[X/t]$.

If none of the equality rewriting or substitution rules are applicable, then an equality 
in the body of an implication may give rise to a case analysis: 

R12 - Case analysis for equalities

Given: { $(X = t \wedge B) \to H$ }

Conditions: { $(X = t \wedge B) \to H$ is not of the form $X = t \to false$; $X \notin t$;
$X$ is existentially quantified; $X = t$ is not a c-atom;
$t$ is not a universally quantified variable;
$t$ is a Herbrand term }

Action: replace { $[X = t \wedge (B \to H)] \vee [X = t \to false]$ }



Note that the variables which occur in $t$ become existentially quantified in the
first disjunct while in the second disjunct each variable in $t$ maintains its original
quantification.

The first condition of the rule avoids applying case analysis if the implication
$(X = t \wedge B) \to H$ is of the form $X = t \to false$. This is because, if it were applied,
the resulting first disjunct would become $[X = t \wedge (true \to false)]$ which is trivially
false, while the second disjunct would become $X = t \to false$ itself. The other
conditions guarantee that none of the earlier rules are applicable.

The next rule moves negative literals in the body of an implication to the head of 
that implication: 

R13 - Negation rewriting 

Given: { $((A \to false) \wedge B) \to H$ }

Conditions: { }

Action: replace { $B \to (A \vee H)$ }

Note that if $B$ is empty then $B \to (A \vee H)$ should be read as $true \to (A \vee H)$.
The following are logical simplification rules. 

R14 - Logical simplification #1 

Given: { true } 

Conditions: { } 

Action: delete { true } 



R15 - Logical simplification #2

Given: { $(true \wedge B) \to H$ }

Conditions: { $B$ is not empty }

Action: replace { $B \to H$ }

R16 - Logical simplification #3

Given: { $false \to H$ }

Conditions: { }

Action: delete { $false \to H$ }

R17 - Logical simplification #4

Given: { $true \to H$ }

Conditions: { $H$ does not contain any universally quantified variable }

Action: replace { $H$ }



Note that the last simplification rule replaces an implication with an empty body
with its head as a CIFF conjunct. This is done only if no universally quantified
variables occur in the head, otherwise we would have some universally quantified
variables outside implications in a node. For example, suppose we applied the rule
on $true \to a(f(Y))$ where $Y$ is universally quantified and $a$ is abducible. We would
obtain $a(f(Y))$ as a conjunct in a node, thus leading to two main problems: (1) the
variable quantification cannot be implicit and, even worse, (2) the semantics should
be extended to the case of infinitely many instantiations of abducible atoms in an
abductive answer.

The case where $H$ does have a universally quantified variable is dealt with by
the Dynamic Allowedness rule, which is used to identify nodes with problematic
quantification patterns, which could lead to floundering:

R18 - Dynamic allowedness (DA)

Given:

Conditions:

Action:

Due to the definition of the other CIFF proof rules, the implication $B \to H$ to
which DA is applied falls in one of the following cases:

1. $B = true$ and there is a universally quantified variable in $H$;

2. there is a constraint atom in $B$ with a universally quantified variable occurring in it.

DA allows us to avoid obtaining infinitely many abducible atoms in an abductive
answer. For example, let us consider an implication of the form $X > Y \to H$
such that $X$ is universally quantified. Depending on $D(\Re)$, there could be infinitely
many instances of $X$ satisfying the c-atom and CIFF should handle all those cases.
However, we believe that DA could be relaxed, in particular for those implications
falling in case 2 above. Consider, for example, the following implication:

$X > 3 \wedge X < 100 \to a(X)$

where $X$ is universally quantified and $a$ is an abducible predicate. If $D(\Re)$ is the set
of all integers, there is a finite set of abducible atoms satisfying the implication, i.e.
the set $\{a(4), a(5), \ldots, a(99)\}$. However, DA marks a node with this implication as
undefined due to the presence of $X$. The relaxation of DA is not in the scope of
this paper.

The CIFF proof rules are summarized in Table 1 where the rules drawn from the
IFF procedure are indicated by "IFF" on the right-hand side. It is worth noting that
the four Logical Simplification rules are a reformulation of the corresponding IFF
rules where, in particular, Logical Simplification #4 checks for the quantification
of the variables in the head of an implication for managing correctly the floundering
problem. Moreover, Case analysis for equalities is a slight extension of the
corresponding IFF rule for handling c-atoms.

Table 1. CIFF proof rules

R1    Unfolding atoms                      IFF
R2    Unfolding in implications            IFF
R3    Propagation                          IFF
R4    Splitting                            IFF
R5    Factoring                            IFF
R6    Case analysis for constraints
R7    Constraint solving
R8    Equality rewriting in atoms          IFF
R9    Equality rewriting in implications   IFF
R10   Substitution in atoms                IFF
R11   Substitution in implications         IFF
R12   Case analysis for equalities         IFF
R13   Negation rewriting                   IFF
R14   Logical Simplification #1            IFF
R15   Logical Simplification #2            IFF
R16   Logical Simplification #3            IFF
R17   Logical Simplification #4            IFF
R18   Dynamic Allowedness



3.2 CIFF Derivation and Answer Extraction 

The CIFF proof rules are the building blocks of a CIFF derivation which defines
the process of computing answers with respect to a framework $\langle Th, A, IC \rangle_{\Re}$ and
a query $Q$.

Prior to defining a CIFF derivation formally, we introduce some useful definitions. 

Definition 3.10 (Failure and undefined CIFF nodes)

A CIFF node $N$ which contains $false$ as an atomic CIFF conjunct is called a failure
CIFF node. A CIFF node $N$ marked as undefined is called an undefined CIFF node.

Definition 3.11 (CIFF selection function)

Let $F$ be a CIFF formula. We define a CIFF selection function $\mathcal{S}$ as a function such
that:

$\mathcal{S}(F) = \langle N, \phi, \chi \rangle$

where $N$ is a CIFF node in $F$, $\phi$ is a CIFF proof rule and $\chi$ is a set of CIFF
conjuncts in $N$ such that $\chi$ is a rule input for $\phi$.

In the sequel we assume that selection functions, given a CIFF formula $F$, always
select a triple $\langle N, \phi, \chi \rangle$ whenever a rule is applicable to $F$.

We are now ready to define a CIFF pre-derivation and a CIFF branch.

Definition 3.12 (CIFF pre-derivation and initial formula)

Let $\langle Th, A, IC \rangle_{\Re}$ be a CIFF framework, let $Q$ be a query and let $\mathcal{S}$ be a CIFF
selection function. A CIFF pre-derivation for $Q$ with respect to $\langle Th, A, IC \rangle_{\Re}$ and $\mathcal{S}$
is a (finite or infinite) sequence of CIFF formulae $F_1, F_2, \ldots, F_i, F_{i+1}, \ldots$ such that
each $F_{i+1}$ is obtained from $F_i$ through $\mathcal{S}$ as follows:

• $F_1 = \{N_1\} = \{Q \cup IC\}$, where $Q$ and $IC$ are treated as sets of CIFF conjuncts
(we will refer to $F_1$ as the initial formula of a CIFF pre-derivation)

• $\mathcal{S}(F_i) = \langle N_i, \phi_i, \chi_i \rangle$ such that $N_i$ is neither an undefined CIFF node nor a
failure CIFF node and

• $F_i \xrightarrow[\phi_i]{N_i,\chi_i} F_{i+1}$

The construction of a pre-derivation can be interpreted as the construction of an
or-tree rooted at $N_1$ and whose nodes are CIFF nodes. Roughly speaking, the whole
or-tree can be seen as a search tree for answers to the query. Note that all the
variables in the query are existentially quantified in $N_1$ because the allowedness
conditions of Definition 3.4 impose that each variable in $Q$ occurs in an atomic
conjunct of $Q$.

CIFF formulas $F_i$ in a pre-derivation correspond to successive frontiers of the search
tree. Each derivation step is done by applying (through $\mathcal{S}$) the selected proof rule
on a set $\chi$ of CIFF conjuncts within a node $N$ in a frontier. The resulting frontier
is obtained by replacing $N$ by the set of successor nodes $\mathcal{N}$.

Definition 3.13 (Successor nodes in a CIFF pre-derivation)

Let $\mathcal{D}$ be a CIFF pre-derivation for a query $Q$ with respect to a CIFF framework
$\langle Th, A, IC \rangle_{\Re}$ and a selection function $\mathcal{S}$.

We say that $\mathcal{N}$ is the set of successor nodes of $N$ in $\mathcal{D}$, iff

• $\mathcal{S}(F_i) = \langle N, \phi_i, \chi_i \rangle$,

• $F_i \xrightarrow[\phi_i]{N,\chi_i} F_{i+1}$, and

• for each $N' \in F_{i+1}$ such that $N' \notin F_i \setminus \{N\}$, then $N' \in \mathcal{N}$.

Moreover we say that a node $N'$ in $\mathcal{N}$ is a successor node of $N$ in $\mathcal{D}$.

Definition 3.14 (CIFF branch)

Given a CIFF pre-derivation $\mathcal{D} = F_1, F_2, \ldots, F_i, F_{i+1}, \ldots$ a CIFF branch $\mathcal{B}$ in $\mathcal{D}$ is
a (finite or infinite) sequence of CIFF nodes $N_1, N_2, \ldots, N_i, N_{i+1}, \ldots$ such that each
$N_i \in F_i$ and each $N_{i+1}$ is a CIFF successor node of $N_i$ in $\mathcal{D}$.

The next step, finally, is the definition of a CIFF derivation. 

Definition 3.15 (CIFF derivation)

Let $\langle Th, A, IC \rangle_{\Re}$ be a CIFF framework, let $Q$ be a query and let $\mathcal{S}$ be a CIFF
selection function. A CIFF derivation $\mathcal{D}$ for $Q$ with respect to $\langle Th, A, IC \rangle_{\Re}$ and
$\mathcal{S}$ is a CIFF pre-derivation $F_1, F_2, \ldots$ such that for each CIFF branch $\mathcal{B}$ in $\mathcal{D}$ if

• $\mathcal{S}(F_i) = \langle N_i, \phi, \chi \rangle$,

• $\mathcal{S}(F_j) = \langle N_j, \phi, \chi \rangle$,

• $N_i \in \mathcal{B}$,

• $N_j \in \mathcal{B}$ and

• $i \neq j$

then $\phi \notin$ {Propagation, Factoring, Equality rewriting in atoms, Equality
rewriting in implications, Substitution in atoms}.

Informally, a derivation is a pre-derivation such that in each branch certain proof
rules can be applied only once to a given set of selected CIFF conjuncts. This is
because those rules can produce loops if they are applied repeatedly to the same
set of conjuncts. The concept of successor nodes in a pre-derivation is valid also
for a derivation. Where it has no impact, we will omit the selection function when
we refer to a derivation.

Example 3.6 

Consider the following framework $\langle Th, A, IC \rangle_{\Re}$:

Th : $p \leftrightarrow true$
A : $\{a\}$
IC : $p \to a$

The following is a pre-derivation $\mathcal{D}$ for the query $Q = p$.

$F_1 = \{\{p, [p \to a]\}\}$ [Init]
$F_2 = \{\{p, [p \to a], [true \to a]\}\}$ [R3]
$F_3 = \{\{p, [p \to a], [true \to a], [true \to a]\}\}$ [R3]

The Propagation rule R3 can be applied repeatedly to the integrity constraint
giving rise to an infinite pre-derivation which should be avoided in a derivation.

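Definition 3.16 (Successor CIFF Derivation)

Let $\mathcal{D} = F_1, \ldots, F_i$ be a CIFF derivation, let $\mathcal{S}$ be a CIFF selection function and let
$N \in F_i$. We say that $\mathcal{D}' = F_1, \ldots, F_i, F_{i+1}$ is a successor CIFF derivation via $N$ of $\mathcal{D}$
iff

• $\mathcal{S}(F_i) = \langle N, \phi_i, \chi_i \rangle$,

• $F_i \xrightarrow[\phi_i]{N,\chi_i} F_{i+1}$, and

• $\mathcal{D}'$ is a CIFF derivation.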

Definition 3.17 (Leaf and successful CIFF nodes)

Let $\mathcal{D} = F_1, \ldots, F_i$ be a CIFF derivation. A CIFF node $N$ in $F_i$ is a leaf CIFF node
iff

• it is a failure CIFF node or

• it is an undefined CIFF node or

• there exists no successor CIFF derivation via $N$ of $\mathcal{D}$.

A leaf node which is neither a failure CIFF node nor an undefined CIFF node is
called a successful CIFF node.

^ Note, however, that they could be applied to different copies of a set of conjuncts.
The example shows the need of multisets for representing correctly CIFF formulae and CIFF
nodes.

We are now ready to introduce the following classifications of CIFF branches and 
CIFF derivations. 

Definition 3.18 (Failure, undefined and successful CIFF branches)

Let $\mathcal{D}$ be a CIFF derivation and let $\mathcal{B} = N_1, \ldots, N_k$ be a CIFF branch in $\mathcal{D}$. We
say that $\mathcal{B}$ is

• a successful CIFF branch if $N_k$ is a successful CIFF node;

• a failure CIFF branch if $N_k$ is a failure CIFF node;

• an undefined CIFF branch if $N_k$ is an undefined CIFF node.

Definition 3.19 (Failure and Successful CIFF Derivations)

Let $\mathcal{D}$ be a CIFF derivation. $\mathcal{D}$ is called a successful CIFF derivation iff it contains
at least one successful CIFF branch. $\mathcal{D}$ is called a failure CIFF derivation iff all its
branches are failure CIFF branches.

Intuitively, an abductive answer to a query Q can be extracted from a successful 
node of a successful derivation. Formally: 

Definition 3.20 (CIFF Extracted Answer)

Let $\langle Th, A, IC \rangle_{\Re}$ be a CIFF framework and let $Q$ be a CIFF query. Let $\mathcal{D}$ be a
successful CIFF derivation for $Q$ with respect to $\langle Th, A, IC \rangle_{\Re}$. A CIFF extracted
answer from a successful node $N$ of $\mathcal{D}$ is a pair

$\langle \Delta, C \rangle$

where $\Delta$ is the set of abducible atomic conjuncts in $N$, and $C = \langle \Gamma, E, DE \rangle$ where:

• $\Gamma$ is the set of all the c-conjuncts in $N$,

• $E$ is the set of all the equality atoms (i.e. equalities over Herbrand terms) in $N$, and

• $DE$ is the set of all the CIFF disequalities in $N$.

The soundness of the CIFF proof procedure with respect to the notion of $\Re$-satisfiability
and the three-valued completion semantics is the subject of the next
section. The idea is to show that CIFF extracted answers correspond to abductive
answers with constraints in the sense of Definition 2.2.
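Definitions 3.12 to 3.20 can be traced on Example 3.6 with a small interpreter. The Python sketch below is an added example, not code from the paper or from the CIFF System: it covers only the propositional fragment (no variables, constraints or equalities), restricts implication heads to a single atom or false, implements rules R1-R4 and R14-R17 in a fixed priority order, and enforces the once-only restriction of Definition 3.15 for Propagation alone. All names (`imp`, `step`, `derive`, `terminates`) and the frameworks `FAIL` and `SPLIT` are hypothetical.

```python
TRUE, FALSE = "true", "false"

def imp(body, head):
    """Implication body -> head; body is a sequence of atoms, head an atom or FALSE."""
    return ("imp", tuple(body), head)

def is_imp(c):
    return isinstance(c, tuple) and c[0] == "imp"

def step(node, used, th, once_only):
    """Apply the first applicable rule to node. Returns the successor
    (node, used) pairs, or None when no rule applies (a leaf)."""
    atoms = [c for c in node if isinstance(c, str)]
    for i, c in enumerate(node):                       # R14-R17: simplification
        rest = node[:i] + node[i + 1:]
        if c == TRUE:
            return [(rest, used)]                      # R14
        if is_imp(c):
            _, body, head = c
            live = tuple(x for x in body if x != TRUE)
            if FALSE in body:
                return [(rest, used)]                  # R16
            if not live:
                return [(rest + [head], used)]         # R17
            if live != body:
                return [(rest + [imp(live, head)], used)]   # R15
    for c in node:                                     # R3: propagation
        if is_imp(c):
            for a in c[1]:
                if a in atoms and not (once_only and (c, a) in used):
                    body = tuple(TRUE if x == a else x for x in c[1])
                    return [(node + [imp(body, c[2])], used | {(c, a)})]
    for i, c in enumerate(node):                       # R4: splitting
        if isinstance(c, tuple) and c[0] == "or":
            rest = node[:i] + node[i + 1:]
            return [(rest + list(d), used) for d in c[1]]
    for i, c in enumerate(node):                       # R1: unfolding atoms
        if isinstance(c, str) and c in th:
            return [(node[:i] + node[i + 1:] + [("or", th[c])], used)]
    for i, c in enumerate(node):                       # R2: unfolding in implications
        if is_imp(c):
            for a in c[1]:
                if a in th:
                    others = tuple(x for x in c[1] if x != a)
                    new = [imp(d + others, c[2]) for d in th[a]]
                    return [(node[:i] + node[i + 1:] + new, used)]
    return None

def derive(th, abducibles, ics, query, once_only=True, max_steps=200):
    """Return the abducible sets extracted from all successful leaf nodes."""
    frontier = [(list(query) + list(ics), frozenset())]    # F1 = {Q u IC}
    answers, steps = [], 0
    while frontier:
        node, used = frontier.pop(0)
        if FALSE in node:
            continue                                   # failure node
        succ = step(node, used, th, once_only)
        if succ is None:                               # successful node
            answers.append(frozenset(c for c in node if c in abducibles))
            continue
        steps += 1
        if steps > max_steps:
            raise RuntimeError("no leaf reached within the step bound")
        frontier.extend(succ)
    return answers

def terminates(framework, once_only):
    try:
        derive(once_only=once_only, **framework)
        return True
    except RuntimeError:
        return False

# Example 3.6 from the text: Th: p <-> true, A = {a}, IC: p -> a, Q = p
EX36 = dict(th={"p": (("true",),)}, abducibles={"a"},
            ics=[imp(["p"], "a")], query=["p"])
# Constructed frameworks (not from the paper): IC a -> false in both
FAIL = dict(th={"p": (("a",),)}, abducibles={"a"},
            ics=[imp(["a"], FALSE)], query=["p"])
SPLIT = dict(th={"p": (("a",), ("b",))}, abducibles={"a", "b"},
             ics=[imp(["a"], FALSE)], query=["p"])
```

With the restriction in place the derivation for Example 3.6 ends in a successful node whose abducible set is {a}; with `once_only=False` the same run repeats R3 on the same pair until the step bound is hit, which is the infinite pre-derivation the example describes.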

Example 3.7

Consider the following framework $\langle Th, A, IC \rangle_{\Re}$, obtained from the abductive logic
program with constraints of Example 2.1 and the following query $Q$:

Th : $p(T) \leftrightarrow T = X \wedge q(T_1, T_2) \wedge T_1 < X \wedge X < 8$
     $q(X, Y) \leftrightarrow X = X_1 \wedge Y = X_2 \wedge s(X_1, a)$
A : $\{r, s\}$
IC : $r(Z) \to p(Z)$
Q : $r(Y)$

The following is a CIFF derivation $\mathcal{D}$ for $Q$ with respect to $\langle Th, A, IC \rangle_{\Re}$:

$F_1 = \{\{r(Y), [r(Z) \to p(Z)]\}\}$ [Init]
$F_2 = \{\{r(Y), [Z = Y \to p(Z)], [r(Z) \to p(Z)]\}\}$ [R3]
$F_3 = \{\{r(Y), [true \to p(Y)], [r(Z) \to p(Z)]\}\}$ [R11]
$F_4 = \{\{r(Y), p(Y), [r(Z) \to p(Z)]\}\}$ [R17]
$F_5 = \{\{r(Y), Y = X, q(T_1, T_2), T_1 < X, X < 8, [r(Z) \to p(Z)]\}\}$ [R1]
$F_6 = \{\{r(X), Y = X, q(T_1, T_2), T_1 < X, X < 8, [r(Z) \to p(Z)]\}\}$ [R10]
$F_7 = \{\{r(X), Y = X, T_1 = V, T_2 = W, s(V, a), T_1 < X, X < 8, [r(Z) \to p(Z)]\}\}$ [R1]
$F_8 = \{\{r(X), Y = X, T_1 = V, T_2 = W, s(V, a), V < X, X < 8, [r(Z) \to p(Z)]\}\}$ [R10]

No more new rules can be applied to the only node in $F_8$ and this is neither a failure
node nor an undefined node. Hence, it is a successful node from which we extract
the following answer:

$\langle \{r(X), s(V, a)\}, C \rangle$

where $C = \langle \Gamma, E, DE \rangle$ is:

$\Gamma$ : $\{Y = X, T_1 = V, V < X, X < 8\}$
$E$ : $\{T_2 = W\}$
$DE$ : $\emptyset$

Indeed, note that the abductive answers with constraints given in Example 2.1 are
instances of the above extracted answer.



Example 3.8 

Consider the following framework $\langle Th, A, IC \rangle_{\Re}$ (where we assume a constraint
structure $\Re$ over integers with the usual relations and functions), and the following
query $Q$:

Th : $p(X) \leftrightarrow X = Z \wedge a(Z) \wedge Z < 5$
A : $\{a\}$
IC : $a(2) \to false$
Q : $p(Y)$

The following is a CIFF derivation $\mathcal{D}$ for $Q$ with respect to $\langle Th, A, IC \rangle_{\Re}$:

$F_1 = \{\{p(Y), [a(2) \to false]\}\}$ [Init]
$F_2 = \{\{Y = Z, a(Z), Z < 5, [a(2) \to false]\}\}$ [R1]
$F_3 = \{\{Y = Z, a(Z), Z < 5, [a(2) \to false], [2 = Z \to false]\}\}$ [R3]
$F_4 = \{\{Y = Z, a(Z), Z < 5, [a(2) \to false], [Z = 2 \to false]\}\}$ [R9]
$F_5 = \{\{Y = Z, a(Z), Z < 5, [a(2) \to false], [Z \neq 2 \vee [Z = 2, (true \to false)]]\}\}$ [R6]
$F_6 = \{\{Y = Z, a(Z), Z < 5, Z \neq 2, [a(2) \to false]\},$
      $\{Y = Z, a(Z), Z < 5, Z = 2, [a(2) \to false], (true \to false)\}\}$ [R4]
$F_7 = \{\{Y = Z, a(Z), Z < 5, Z \neq 2, [a(2) \to false]\},$
      $\{Y = Z, a(Z), Z < 5, Z = 2, [a(2) \to false], false\}\}$ [R17]

Note that only the Case analysis for constraints rule (R6) can be applied to
$F_4$ because the variable $Z$ is a constraint variable. Hence $Z = 2$ is a c-atom (see
Definition 3.9) and thus the Case analysis for equalities rule (R12) cannot be
applied to $F_4$.

No more rules can be applied to both nodes in $F_7$. The first node is neither a failure
node nor an undefined node. Hence, it is a successful node from which we extract
the following answer:

$\langle \{a(Z)\}, \langle \{Y = Z, Z < 5, Z \neq 2\}, \emptyset, \emptyset \rangle \rangle$

4 Correctness of the CIFF Proof Procedure 

As anticipated in the previous section, the CIFF proof procedure is sound with
respect to the three-valued completion semantics, i.e. each CIFF extracted answer
is indeed a CIFF correct answer in the sense of Definition 2.2. All the results stated
in this section (and whose proofs are given in Appendix A) are based upon the
results given in (Fung 1996) for the IFF proof procedure.

Theorem 4.1 (CIFF Soundness)

Let $\langle P, A, IC \rangle_{\Re}$ be an abductive logic program with constraints such that the
corresponding CIFF framework is $\langle Th, A, IC \rangle_{\Re}$. Let $\langle \Delta, C \rangle$, where $C = \langle \Gamma, E, DE \rangle$,
be a CIFF extracted answer from a successful CIFF node in a CIFF derivation
with respect to $\langle Th, A, IC \rangle_{\Re}$ and a CIFF query $Q$. Then there exists a ground
substitution $\sigma$ such that $\langle \Delta, \sigma, \Gamma \rangle$ is an abductive answer with constraints to $Q$
with respect to $\langle P, A, IC \rangle_{\Re}$.

The proof of the theorem relies upon the following propositions. The first proposition
shows that given a CIFF extracted answer $\langle \Delta, C \rangle$ there exists a substitution
satisfying all the constraint atoms, equality atoms and CIFF disequalities in $C$.

Proposition 4.1

Let $\langle \Delta, C \rangle$ be a CIFF extracted answer from a successful CIFF node $N$, where
$C = \langle \Gamma, E, DE \rangle$. Then:

1. there exists a ground substitution $\theta$ such that $\theta \models_{3(\Re)} \Gamma$ and

2. for each such ground substitution $\theta$, there exists a ground substitution $\sigma$ such
that

$\theta\sigma \models_{3(\Re)} \Gamma \cup E \cup DE$

Example 4.1 

Given $\Gamma = \{2 \le T, T < 4\}$, $E = \{X = f(Y), Z = g(V)\}$ and $DE = \{(Y = h(W, V)) \to false\}$,
we have that both $\theta_1 = \{T/2\}$ and $\theta_2 = \{T/3\}$ satisfy $\Gamma$ and
they contain all the possible assignments for $T$ (given that $D(\Re)$ is the set of all
integers). We can obtain a ground substitution $\theta_1\sigma$ (with $\sigma = \sigma_{DE} \cup \sigma_E$) as follows:

1. $\sigma_{DE} = \{Y/r(c)\}$ obtaining $S_1 = ((E \cup DE)\theta_1)\sigma_{DE} =$
$\{X = f(r(c)), Z = g(V), (r(c) = h(W, V)) \to false\}$

2. the second step is to assign the corresponding terms to $X$ and $Z$ obtaining
$S_2 = \{f(r(c)) = f(r(c)), g(V) = g(V), (r(c) = h(W, V)) \to false\}$

3. finally we assign new terms with fresh functions to the remaining existentially
quantified variable $V$, e.g. $\sigma_E = \{V/t(c)\}$ obtaining

$S_3 = \{f(r(c)) = f(r(c)), g(t(c)) = g(t(c)), (r(c) = h(W, t(c))) \to false\}$

The set $S_3$ is clearly entailed by CET. Note that we do not care about the universally
quantified variable in $S_3$. This is because

$(r(c) = h(W, t(c))) \to false$

is entailed by CET for any assignment to $W$, due to the fact that $r$ and $h$ are
distinct function symbols.

Similarly, we can obtain another ground substitution using $\theta_2$.

The next proposition directly extends the above result to the set $\Delta$ of a CIFF
extracted answer.

Proposition 4.2

Let $\langle \Delta, C \rangle$ be a CIFF extracted answer from a successful CIFF node $N$ where
$C = \langle \Gamma, E, DE \rangle$. For each ground substitution $\sigma'$ such that $\sigma' \models_{3(\Re)} \Gamma \cup E \cup DE$,
there exists a ground substitution $\sigma$ which extends $\sigma'$ for the variables that are in
$\Delta$ but not in $C$ such that

1. $\sigma' \subseteq \sigma$

2. $\Delta\sigma \models_{3(\Re)} \Delta \cup \Gamma \cup E \cup DE$.

The third proposition shows that the CIFF proof rules are indeed equivalence
preserving rules with respect to the three-valued completion semantics. This is a basic
requirement to prove the soundness of CIFF.

Proposition 4.3 (Equivalence Preservation)

Given an abductive logic program with constraints $\langle P, A, IC \rangle_{\Re}$, a CIFF node $N$
and a set of CIFF successor nodes $\mathcal{N}$ obtained by applying a CIFF proof rule $\phi$ to
$N$, it holds that:

p^^m^ iff PHm^^ 

where 7V^ is the disjunction of the nodes in TV. 

Corollary 4.1 (Equivalence Preservation of CIFF Formulae)

Let $\langle P, A, IC \rangle_{\Re}$ be an abductive logic program with constraints, $F$ a CIFF formula
and $\mathcal{S}$ any CIFF selection function. Let $\mathcal{S}(F) = \langle N, \phi, \chi \rangle$ and $F'$ the result of
applying $\phi$ to $N$ in $F$. Then:

$P \cup IC \models_{3(\Re)} F$ iff $P \cup IC \models_{3(\Re)} F'$, i.e.

$P \cup IC \models_{3(\Re)} (F \leftrightarrow F')$.

The CIFF soundness in Theorem 4.1 concerns only those branches of CIFF successful
derivations whose leaf node is a CIFF successful node. It implies that abductive
answers with constraints can be obtained also by those derivations which
contain failure and undefined branches but which have at least a successful branch.
We also prove the following notion of soundness regarding failure CIFF derivations.

Theorem 4.2 (Soundness of failure)

Let $\langle P, A, IC \rangle_{\Re}$ be an abductive logic program with constraints such that the
corresponding CIFF framework is $\langle Th, A, IC \rangle_{\Re}$. Let $\mathcal{D}$ be a failure CIFF derivation
with respect to $\langle Th, A, IC \rangle_{\Re}$ and a query $Q$. Then:

$P \cup IC \models_{3(\Re)} \neg Q$.

Note that there is a class of CIFF derivations for which a soundness result cannot
be stated, i.e. all the derivations containing only undefined and failure branches.
The meaning of such CIFF derivations is that for each branch, no CIFF answer can
be extracted, but there are some branches (undefined branches) for which neither
failure nor success is ensured. The presence of an undefined branch is due to the
application of the Dynamic Allowedness rule and, as we have seen at the end of
Section 3.1, this could lead to infinite sets of abducibles in the answers.

Concerning completeness, CIFF inherits the completeness results for IFF in (Fung 1996)
for the class of allowed IFF frameworks. In (Fung 1996), the only requirement for
ensuring completeness is the use of a fair selection function, i.e. a selection function
that ensures that any node to which a proof rule can be applied is eventually
selected in each branch of a derivation. This condition is also required in the case
of CIFF. To illustrate fairness, suppose we have the following iff-definitions

$q \leftrightarrow p \vee a$
$p \leftrightarrow p$

where $a$ is an abducible predicate. Consider the query $q$ and an empty set of integrity
constraints. After the unfolding of $q$, the IFF proof procedure would return the
abductive answer $a$ if the second disjunct is eventually selected, but it loops forever
in the other case. A fair selection function ensures that the second disjunct is
eventually selected during a derivation.

For the class of IFF allowed frameworks, a CIFF derivation is exactly an IFF derivation
as there are no constraint atoms in the framework. Moreover, the Dynamic
allowedness rule can never apply in a derivation due to the following lemma, stating
that for the class of CIFF statically allowed frameworks and queries (see Definition 3.3)
there does not exist a CIFF derivation in which Dynamic allowedness
is applied.

Lemma 4.1 (Static Allowedness lemma)

Let $\langle P, A, IC \rangle_{\Re}$ be an abductive logic program with constraints such that the
corresponding CIFF framework $\langle Th, A, IC \rangle_{\Re}$ and the query $Q$ are both CIFF statically
allowed. Then, given any CIFF derivation $F_1, F_2, \ldots$ with respect to $\langle P, A, IC \rangle_{\Re}$
and $Q$, and any selection function $\mathcal{S}$: it is never the case that $\mathcal{S}(F_i) = \langle N_i, R18, \chi \rangle$
for any $F_i$, where R18 is the Dynamic allowedness rule.

Indeed, the above lemma trivially applies also to IFF allowed frameworks. 
As a consequence, we can state the following result. 

Theorem 4.3 (CIFF completeness for IFF allowed frameworks)

Let $\langle P, A, IC \rangle_{\Re}$ be an abductive logic program without constraints such that
the corresponding CIFF framework $\langle Th, A, IC \rangle_{\Re}$ and the query $Q$ do not contain
constraint atoms and they are IFF allowed.

If there exists an abductive answer with constraints $\langle \Delta, \sigma, \emptyset \rangle$ for $Q$ with respect
to $\langle P, A, IC \rangle_{\Re}$, then there exists a CIFF derivation $\mathcal{D}$ for $Q$ with respect to
$\langle Th, A, IC \rangle_{\Re}$ and to a fair CIFF selection function $\mathcal{S}$ such that

• $\langle \Delta', \langle \emptyset, E, DE \rangle \rangle$ can be extracted from a successful CIFF node in $\mathcal{D}$; and

• there exists a ground substitution cr" I) cr such that 

— P U AV" h Qct" 

— P U AV" h 

— A' a" C Act". 

Considering the whole class of CIFF frameworks, we cannot formulate a full com- 
pleteness theorem for CIFF because, tackling the allowedness problem dynamically, 
we could obtain undefined derivations, even with a fair selection function. 

Example 4.2

Consider the following framework $\langle Th, A, IC \rangle_{\Re}$ where we assume an arithmetical
constraint over integers in which $>$ has the expected meaning:

P : $p(Y) \leftarrow a(Y)$

Th : $p(X) \leftrightarrow [X = Y \wedge a(Y)]$

A : $\{a\}$

IC : $V > 2 \to a(V)$

The following is a CIFF derivation $\mathcal{D}$ for the empty query.

$F_1 = \{\{[V > 2 \to a(V)]\}\}$ [Init]
$F_2 = \{undefined : \{[V > 2 \to a(V)]\}\}$ [R18]

The only rule applicable to $F_1$ is the Dynamic allowedness rule due to the
presence of $V$ in the constraint atom $V > 2$. Note that the existence of infinite
values for $V$ greater than 2 would give rise to an infinite set of abducibles arising
from $a(V)$ in the head of the implication.

However, we can state a weak completeness theorem for the CIFF proof procedure
if we assume CIFF derivations without undefined branches. The result is
analogous to the completeness result shown for the A-System (Van Nuffelen 2004;
Kakas et al. 2001).

Theorem 4.4 (Weak CIFF Completeness)

Let $\langle P, A, IC \rangle_{\Re}$ be an abductive logic program with constraints with the
corresponding CIFF framework $\langle Th, A, IC \rangle_{\Re}$ and let $Q$ be a CIFF query. Let $\mathcal{D}$ be a
finite CIFF derivation with respect to $\langle Th, A, IC \rangle_{\Re}$ and $Q$ such that each branch
in $\mathcal{D}$ is either a failure or a successful branch. Then:

1. if $P \cup IC \models_{3(\Re)}$ then all the branches of $\mathcal{D}$ are failure branches; and

2. if $P \cup IC \not\models_{3(\Re)}$ (i.e. $P \cup IC \cup Q$ is satisfiable) then there exists a successful
branch in $\mathcal{D}$.
The above result gives rise to the following completeness theorem for the CIFF
proof procedure.

Theorem 4.5 (Weak CIFF Completeness for CIFF statically allowed frameworks)

Let $\langle P, A, IC \rangle_{\Re}$ be an abductive logic program with constraints such that the
corresponding CIFF framework $\langle Th, A, IC \rangle_{\Re}$ and the query $Q$ are both CIFF
statically allowed. Let $\mathcal{D}$ be a finite CIFF derivation with respect to $\langle Th, A, IC \rangle_{\Re}$ and
$Q$. Then:

1. if $P \cup IC \models_{3(\Re)}$ then all the branches of $\mathcal{D}$ are failure branches; and

2. if $P \cup IC \not\models_{3(\Re)}$ (i.e. $P \cup IC \cup Q$ is satisfiable) then there exists a successful
branch in $\mathcal{D}$.

All the correctness results so far focus on the three-valued completion semantics.
However, it is worth noting that both IFF and CIFF are sound with respect to the
well-founded semantics (van Gelder et al. 1991), since the well-founded model is a
three-valued model of the completion of a logic program (van Gelder et al. 1991).
However, IFF (and thus CIFF for the class of IFF allowed frameworks) is not complete
with respect to that semantics. Indeed, considering the iff-definition

$p \leftrightarrow p$

the negative literal $\neg p$ holds with respect to the well-founded semantics while $p$ is
undefined with respect to the three-valued completion semantics. Accordingly, both
IFF and CIFF fail to terminate for the query $\neg p$.

5 The CIFF System 

The CIFF System is a SICStus Prolog implementation of CIFF. We rely upon
the SICStus CLPFD solver integrated in the platform. This is a very fast and
reliable constraint solver for finite domains (Fernandez and Hill 2000). The version
of the system described here is version 4.0, whose engine has been almost completely
rewritten with respect to older versions (Endriss et al. 2004a; Endriss et al. 2005)
in order to improve efficiency.

Here we give a brief general description of the CIFF System. Further details can
be found in (Terreni 2008a) and in the CIFF user manual (Terreni 2008b).

The main predicate, to be run at Prolog top-level, is

run_ciff(+ALP, +Query, -Answer)

where ALP is a list of .alp files containing an abductive logic program with
constraints, Query is a CIFF query and Answer will be instantiated to either a CIFF
extracted answer (see Definition 3.20) or to the special atom undefined if an
allowedness condition is not met. A CIFF extracted answer is represented by a triple,
namely a list of abducible atoms $\Delta$, a list of CIFF disequalities $DE$ and finally a list
of finite domain constraints $\Gamma$. The set of equalities $E$ is not returned as the final
substitution (in $E$) is directly applied by the system. Further answers are returned
via Prolog backtracking. If no (further) answer is found, the system fails, returning
the control to the Prolog top-level.

http://www.sics.se/isl/sicstuswww/site/index.html

All the files in the ALP list together represent a single abductive logic program with constraints.
This is to facilitate writing CIFF applications. A typical example is a list with two elements
where one .alp file contains the clauses and the integrity constraints which specify the problem
and the other file contains the specification of the particular problem instance. In this way the
first file could be reused for other instances.

Each abductive logic program with constraints (ALPC) consists of the following
components, which could be placed in any position in any .alp file:

• Declarations of abducible predicates, using the predicate abducible. For example,
an abducible predicate abd with arity 2 is declared via

abducible(abd(_,_)).

• Clauses, represented as

A :- L1, ..., Ln.

• Integrity constraints, represented as

[L1, ..., Lm] implies [A1, ..., An].

where the left-hand side list represents a conjunction of CIFF literals while
the right-hand side list represents a disjunction of CIFF atoms.

Equality/disequality atoms are defined via =, \== and constraint atoms are defined
via #=, #\=, #<, #=<, #>, #>=. Finally, negative literals are of the form
not(Atom) where Atom is an ordinary atom.

All the clauses defining the same predicate (here a predicate is identified by its 
name plus its arity) are preprocessed by the system in order to build the internal 
representation (an iff-definition) . Each iff-definition is asserted in the Prolog global 
state in order to retrieve such information, when needed during a CIFF derivation, 
in a simple and efficient way. 
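How clauses that share a name and arity can be folded into a single iff-definition, as in the step from P to Th in Example 4.2, shown as an added Python sketch (it is not the CIFF System's Prolog code). The tuple encoding of terms and the helper names iff_definitions and render are assumptions made for this example; the sample program is constructed.

```python
from collections import defaultdict

# Equality, disequality and finite-domain constraint symbols listed on the page;
# they are built in and never receive an iff-definition.
BUILTINS = {"=", "\\==", "#=", "#\\=", "#<", "#=<", "#>", "#>="}


def is_var(t):
    """Prolog convention: a variable starts with an upper-case letter or '_'."""
    return isinstance(t, str) and (t[0].isupper() or t[0] == "_")


def rename(t, k):
    """Rename the variables of clause number k apart from every other clause."""
    if isinstance(t, tuple):
        return (t[0],) + tuple(rename(a, k) for a in t[1:])
    return f"{t}_{k}" if is_var(t) else t


def show(t):
    """Render a term; compound terms are tuples (functor, arg1, ...)."""
    if not isinstance(t, tuple):
        return str(t)
    if t[0] in BUILTINS:
        return f"{show(t[1])} {t[0]} {show(t[2])}"
    if len(t) == 1:
        return t[0]
    return f"{t[0]}({', '.join(show(a) for a in t[1:])})"


def iff_definitions(clauses, abducibles=frozenset()):
    """Build one iff-definition per predicate (identified by name plus arity).

    clauses is a list of (head, body); the result maps (name, arity) to
    (new_head, disjuncts), each disjunct being equalities followed by the body.
    """
    grouped, referenced = defaultdict(list), set()
    for head, body in clauses:
        grouped[(head[0], len(head) - 1)].append((head, body))
        for lit in body:
            atom = lit[1] if lit[0] == "not" else lit
            referenced.add((atom[0], len(atom) - 1))
    clash = set(grouped) & set(abducibles)
    if clash:
        raise ValueError(f"abducible predicates must not be defined: {sorted(clash)}")
    defs = {}
    for (name, arity), group in grouped.items():
        new_head = (name,) + tuple(f"X{i}" for i in range(1, arity + 1))
        disjuncts = []
        for k, (head, body) in enumerate(group, start=1):
            head_k = rename(head, k)
            equalities = [("=", x, arg) for x, arg in zip(new_head[1:], head_k[1:])]
            disjuncts.append(equalities + [rename(lit, k) for lit in body])
        defs[(name, arity)] = (new_head, disjuncts)
    # A predicate that is used but neither defined nor abducible is equivalent to false.
    for name, arity in referenced - set(grouped) - set(abducibles):
        if name not in BUILTINS:
            head = (name,) + tuple(f"X{i}" for i in range(1, arity + 1))
            defs[(name, arity)] = (head, [])
    return defs


def render(definition):
    head, disjuncts = definition
    if not disjuncts:
        return f"{show(head)} <-> false"
    parts = ["[" + (", ".join(show(l) for l in d) or "true") + "]" for d in disjuncts]
    return f"{show(head)} <-> " + " v ".join(parts)


# Constructed sample: the clause of Example 4.2, two ground facts, clauses in the
# style of the N-queens program, and a body atom s/1 that has no definition.
SAMPLE = [
    (("p", "Y"), [("a", "Y")]),
    (("row", 1), []),
    (("row", 2), []),
    (("exists_q", "R"), [("q_domain", "R"), ("q_pos", "R", "C"), ("q_domain", "C")]),
    (("q_domain", "R"), [("#>=", "R", 1), ("#=<", "R", 4)]),
    (("r", "X"), [("not", ("s", "X"))]),
]
ABDUCIBLES = {("a", 1), ("q_pos", 2)}

if __name__ == "__main__":
    for _, definition in sorted(iff_definitions(SAMPLE, ABDUCIBLES).items()):
        print(render(definition))
```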

The CIFF proof rules are implemented in CIFF 4.0 as Prolog clauses defining
sat(+State, -Answer), where State represents the current selected CIFF node.
State is initialized to the internal representation of the Query plus all the integrity
constraints in (all files in) the ALP argument.
Throughout the computation State is defined as:

state(Diseqs, CLPStore, Imps, Atoms, Abds, Disjs)

where the aggregation of the arguments represents a CIFF node. Diseqs represents
the set of CIFF disequalities, CLPStore represents the current finite domain
constraint store, Imps the set of implications, Atoms the set of defined atoms, Abds the
set of abduced atoms and finally Disjs is the set of disjunctive CIFF conjuncts in
the node.

Note that, whenever possible, disequalities in the system are managed through the operator
\== rather than in the corresponding (and less efficient) implicative form.

The representation of the current node, in the real code, needs some further elements dropped
here for simplicity.

The predicate sat calls itself recursively until no more rules can be applied to the 
current State, thus instantiating the Answer. 

Finally, a note on the implemented CIFF selection function. We use a classical
Prolog-like selection function, i.e. we always select the left-most CIFF node in a
CIFF formula. It is not a fair selection function in the sense that it does not ensure
completeness (see Section 2 for further details), but it has been found to be the only
practical choice in terms of efficiency. Without entering into technical details,
this is mostly because, by fixing the choice of the selected node in a CIFF formula as
the left-most CIFF node, we can directly take advantage of the Prolog backtracking
mechanism in order to switch to another CIFF node in case of failure.
Concerning the order of selection of the proof rules in a CIFF node, this is
determined by the order of the sat clauses. If a sat clause defining a CIFF proof rule,
e.g. Unfolding atoms (R1), is placed before the sat clause defining e.g.
Propagation (R3), then the system tries first to find a rule input for R1 and, only if no
such rule input can be found, then the system tries R3.

Below we sketch the most important techniques used to make the CIFF System
an efficient abductive system. For further details on these topics, please refer to
(Terreni 2008a).

Managing variables and equalities. Variables play a fundamental role in nodes
in CIFF: they can be either universally quantified or existentially quantified.
Universally quantified variables can appear only in implications (which define their
scope). Existentially quantified variables can appear in any element of the node,
with scope the entire node. In the system the CIFF variables are Prolog variables,
but to distinguish at run-time existentially quantified and universally quantified
variables we use the Prolog facility of attribute variables (Holzbaur 1992),
associating to each existentially quantified variable an existential attribute. Moreover,
whenever possible, we use the unification of Prolog for managing equality rewriting
and substitutions, but we also implemented the Martelli-Montanari unification
algorithm (Martelli and Montanari 1982) for managing, in particular, equality rewriting
and substitutions involving universally quantified variables.

Many CIFF proof rules, for example Propagation (R1) and Unfolding (R2,
R3) rules, typically need to be followed by a set of Equality rewriting (R8, R9)
and Substitution (R10, R11) rules. In the CIFF System, these "equality" rules
are not treated at the same level as the other main proof rules, but rather they have
been integrated within them in order to improve efficiency. In particular rules R8,
R9, R10, R11 are applied transparently to the user (i.e. they are not defined as
sat clauses) at the very end of the other proof rules, e.g. R1, R2 and R3.

Loop management. Recall that in the definition of a CIFF derivation (Definition 
IS.lSp . we avoid repeated applications of certain proof rules. In the CIFF System this 
requirement is dealt with through a non-straightforward loop management which is 
designed to avoid repetitive application of CIFF proof rules, in particular
Propagation (R3) and Factoring (R5), to the same rule input. Obviously, in order to
manage even small-medium size problems, loop management needs to be efficient.
We do not go into details here, but just give a hint of the technique. Loop
management is done by enumerating univocally each potential rule input component for
R3 and R5 (e.g. implications for Propagation and abducibles for Factoring) in
a CIFF node, maintaining them sequentially ordered throughout the computation.
Then, we can (non-straightforwardly) avoid loops, applying proof rules R3 and R5
to appropriate rule inputs, following the order given by the enumeration.

The loop management required in a CIFF derivation for Equality and
Substitution rules is, instead, obtained (almost) for free due to the integration of those
proof rules in the other main proof rules as discussed above.

Constraint solving. Interfacing the CIFF System efficiently with the underlying
SICStus CLPFD solver is fundamental for performance purposes. Despite a clear
interface made available by the Prolog platform, the main problem in the interaction
with the solver is that the solver binds variables to numbers when checking the
satisfiability of the current CLPstore (i.e. when the Constraint Solving (R7) rule
is applied), while we want to be able to return non-ground answers. The solution
adopted in the CIFF System tackles this problem through an algorithm which,
when needed, checks the satisfiability of the CLPstore as usual and then
restores the non-ground values via a forced backtracking.

Groundable integrity constraints. The main source of inefficiency in a CIFF
computation is probably represented by integrity constraints. The main problem
is the presence of universally quantified variables which potentially lead, through
the Propagation rule, to a new implication in a CIFF node for each propagated
variable instance. It is worth noting that even in a small/medium size CIFF
application, the number of such implications resulting from integrity constraints easily
grows, thus representing the main computational bottleneck.

To deal with this, we have incorporated within CIFF a specialized algorithm that
can be applied to a wide class of integrity constraints, called groundable integrity
constraints. Intuitively, an integrity constraint $I$ is groundable if the set of
implications obtained through the exhaustive application of CIFF proof rules (in
particular Unfolding in implications and Propagation) on $I$ is "expected to become
ground" at run-time. For example, consider an integrity constraint of the form

$p(X), q(Y) \rightarrow r(X, Y)$

where $p$ and $q$ are both defined through a set of $N$ and $M$ ground facts respectively.
Intuitively, the exhaustive application of Unfolding in implications gives rise, at
run-time, to a set of $N * M$ implications which become ground after the application
of the substitutions on $X$ and $Y$. This type of integrity constraint is included in the
class of groundable integrity constraints which is formally defined in (Terreni 2008a)
together with the details of an algorithm for managing it. This algorithm handles
most of the operations on groundable integrity constraints in the Prolog global state,
via a non-straightforward combination of assertions/retractions of the (partial)
instances of the groundable integrity constraints. The system checks automatically, in
the preprocessing phase, whether an integrity constraint is a groundable integrity
constraint and it prepares all the needed data-structures. This feature significantly
boosts the performance of the system because, firstly, the operations on implications
performed in the Prolog global state are much faster than the operations
performed in a CIFF node in the usual way and, secondly, the absence of a large
set of implications in a node also speeds up the application of the proof rules to the
other elements.

Example 5.1

The following is an example of a groundable integrity constraint:

[q(R,C)] implies [p(R,C)].

where q is an abducible predicate. Indeed, for all the concrete ground instances of
q which are abduced during a CIFF derivation, the above integrity constraint gives
rise to a set of ground implications. Note that the class of groundable integrity
constraints includes integrity constraints containing abducibles in their bodies because
the algorithm also manages the cases in which such abducibles are propagated to
an abducible atom containing existentially quantified variables.

Example 5.2

The following is an example of an integrity constraint which is not groundable:

[p(X)] implies [false].

where a clause defining p(X) is:

p(Y).

The problem in this case is given by the variable X in the body of the integrity
constraint: unfolding p(X) we will obtain X = Y and there is no way for Y to be
grounded.



6 Related Work, Comparison and Experiments 

There is a huge literature on abductive logic programming with and without
constraints, see for example (Kakas et al. 1992; Kakas et al. 1998; Denecker and Kakas 2002;
Kakas and Mancarella 1990b; Kakas and Mancarella 1990a; Kakas et al. 2000; Pereira et al. 1991;
Eshghi and Kowalski 1989; Denecker and De Schreye 1992; Denecker and De Schreye 1998;
Van Nuffelen 2004; Kakas et al. 2001; Fung and Kowalski 1997; Sadri and Toni 1999;
Alferes et al. 2004; Lin and You 2002; Ciampolini et al. 2003; Bressan et al. 1997;
Christiansen and Dahl 2005). The closest systems to CIFF are the A-System (Van Nuffelen 2004)
and SCIFF (Alberti et al. 2007). The latter has also been developed as an extension
of the IFF proof procedure to handle numerical constraints as in CLP, but with
focus on the specification and verification of interactions in open agent societies.
The main features of SCIFF are the support of dynamical happening of events
during computations, universally quantified variables in abducibles, the concept of
fulfilment and violation of expectations, given a set of events, and integrity
constraints of a specialised form which are required to include in their body at least one
specific social construct (an event or an expectation). Instead, CIFF is intended as
a general purpose abductive proof procedure, keeping the spirit of the original IFF
proof procedure and conservatively adding numerical constraints.

The A-System, as remarked in (Van Nuffelen 2004), is a combination of three existing
abductive proof procedures, namely the IFF proof procedure (Fung and Kowalski 1997),
the ACLP proof procedure (Kakas et al. 2000) and, most importantly, the SLDNFA
proof procedure (Denecker and De Schreye 1998), of which the A-System is a direct
descendant. The A-System is the state-of-the-art of abductive logic programming
with constraints, borrowing the most interesting features from the above cited proof
procedures. In Section 6.1 we give a detailed comparison between CIFF and the
A-System.

Many approaches to abductive logic programming (Kakas and Mancarella 1990b;
Kakas and Mancarella 1990a; Kakas et al. 2000; Lin and You 2002) rely upon the
stable models semantics (Gelfond and Lifschitz 1988) and its extensions. Answer
Set Programming (ASP) (Baral and Gelfond 1994) is a logic programming based
paradigm for computing stable models and answer set semantics. The comparison
of CIFF with the two dominant answer set solvers, DLV (Eiter et al. 1997) and
SMODELS (Niemela and Simons 1997), is discussed in Section 6.2.

In Section 6.3 we present some experimental results on concrete examples and in
comparison with the A-System and the aforementioned answer set solvers. Note that
(Christiansen and Dahl 2005) gives an extensive experimental comparison between
Hyprolog, another relevant system for abductive logic programming, and CIFF,
some ASP systems and the A-System. Whereas CIFF is a meta-interpreter, Hyprolog
avoids meta-interpretation by directly extending Prolog to incorporate abduction
and constraint handling a la CHR (Frühwirth 1998). However, Hyprolog has
restrictions on the use of negation, as mentioned in (Christiansen and Dahl 2005).

Finally, in Section 6.4 we give a comparison with analytic tableaux-based methods.



6.1 Comparison with A-System 

The A-System and CIFF share many common points. They both rely upon the
three-valued completion semantics and their computational schemas are both based
on rewrite (proof) rules. Moreover, both systems are implemented under SICStus
Prolog and the syntax of the input programs is very similar. In both systems much
effort has been made, though adopting different solutions, to obtain considerable
efficiency, by exploiting the data structures and the services available in a modern
Prolog platform such as SICStus. However there are also some important differences.

Treatment of Integrity Constraints - The A-System framework requires that
integrity constraints are in denial form. Logically, implicative integrity constraints
can be written in denial form, since

$(B \rightarrow H) \equiv ((B \wedge \neg H) \rightarrow false)$.

However, the operational treatment of the two representations of integrity
constraints is rather different in CIFF and in the A-System. For example, given a
CIFF integrity constraint

$a \rightarrow b$

(where $a$ and $b$ are abducibles) and an empty query, CIFF computes the empty set
of abducibles, whereas, given the equivalent denial

$a \wedge \neg b \rightarrow false$

and the same query, the A-System computes two alternative answers: the empty
set of abducibles and $\{b\}$. Indeed, assuming $b$ renders the original implication true.
However, in some applications this treatment leads to unintuitive behaviours. For
example, if $a$ is alarm_sounds and $b$ is evacuate, then, with the A-System, evacuate
is a possible answer independently of whether alarm_sounds has been observed or
not. This and other examples are discussed in (Sadri and Toni 1999).
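The two operational treatments contrasted above can be reproduced on the alarm example with a deliberately simplified propositional model, added here as an illustration. It is not the algorithm of CIFF or of the A-System; the function names and the encoding of a negative literal as ("not", atom) are assumptions of this sketch.

```python
def to_denial(body, head):
    """(B -> H) rewritten as the denial body (B and not H), whose head is false."""
    return list(body) + [("not", h) for h in head]


def implication_answers(ics, query):
    """Implication-style treatment: negative body literals are first moved to the
    head (negation rewriting); an implication then fires only once every atom of
    its body has been abduced, splitting on the atoms of a disjunctive head."""
    results = set()

    def expand(delta):
        for body, head in ics:
            positives = [l for l in body if not isinstance(l, tuple)]
            full_head = list(head) + [l[1] for l in body if isinstance(l, tuple)]
            if set(positives) <= delta and not set(full_head) & delta:
                for atom in full_head:      # empty head = false: no branch survives
                    expand(delta | {atom})
                return
        results.add(frozenset(delta))

    expand(frozenset(query))
    return results


def denial_answers(denials, query):
    """Denial-style treatment: case analysis on each negative literal not(A).
    Either A is assumed, which satisfies the denial, or A is assumed false and
    the rest of the denial body must still fail."""
    results = set()

    def expand(todo, delta, assumed_false, residual):
        if not todo:
            consistent = not (delta & assumed_false)
            violated = any(set(body) <= delta for body in residual)
            if consistent and not violated:
                results.add(frozenset(delta))
            return
        body, rest = todo[0], todo[1:]
        negatives = [l for l in body if isinstance(l, tuple)]
        if not negatives:
            expand(rest, delta, assumed_false, residual + [body])
            return
        atom = negatives[0][1]
        remaining = [l for l in body if l != negatives[0]]
        expand(rest, delta | {atom}, assumed_false, residual)              # A holds
        expand([remaining] + rest, delta, assumed_false | {atom}, residual)  # A is false

    expand([list(d) for d in denials], frozenset(query), frozenset(), [])
    return results


IC = (["alarm_sounds"], ["evacuate"])   # alarm_sounds -> evacuate
DENIAL = to_denial(*IC)                 # alarm_sounds and not evacuate -> false

if __name__ == "__main__":
    for query in ([], ["alarm_sounds"]):
        print(query, sorted(map(sorted, implication_answers([IC], query))),
              sorted(map(sorted, denial_answers([DENIAL], query))))
```

With the empty query the implication form yields only the empty set, while the denial form also yields the answer containing evacuate; once alarm_sounds is part of the query both forms agree.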

Negation in implications/denials - The presence of a negative literal ($\neg A$) in
the body of an implication is handled by CIFF through a Negation rewriting rule
which moves $A$ to the head of the implication. The A-System, instead, manages such
negations with a rule similar to a Case Analysis rule. That is, it creates a
two-term disjunction with a disjunct containing $A$ and the other disjunct containing
($\neg A$) in conjunction with the rest of the original implication. This is exactly what
CIFF does in the Case Analysis for equalities (R12) and Case Analysis for
constraints (R6) rules. However, as noted also in (Fung 1996), applying a Case
Analysis rule to a defined/abducible atom $A$ is not in the spirit of a three-valued
semantics approach. This is the reason why in CIFF Case Analysis is used only
for equalities and constraints, whose semantics is two-valued.

6.2 Comparison with Answer Set Programming 

Answer Set Programming (ASP) (see, e.g. (Marek and Truszczynski 1999; Baral 2003;
Baral and Gelfond 1994)) and Abductive Logic Programming with Constraints (ALPC)
are strongly interconnected mechanisms for representing knowledge and reasoning.
This interconnection is apparent at first glance, simply by noting that ASP is based
on the Answer Set Semantics (Gelfond and Lifschitz 1991), an "evolution" of the
stable models semantics (Gelfond and Lifschitz 1988) (which in turn is used as
the core semantics for many abductive proof procedures, e.g. (Kakas et al. 2000;
Kakas and Mancarella 1990a; Lin and You 2002)) and that abduction can be
modeled in ASP, as shown e.g. in (Bonatti 2002).

Nevertheless, ASP and ALPC show important differences which we briefly discuss
here, assuming the reader has some familiarity with ASP.

The ASP framework is based upon some concrete assumptions. In particular ASP
relies upon programs with finite Herbrand Universe. This assumption has a high
impact on the computational model and, hence, on the implemented answer set
solvers.
The computational model of ASP, relying upon programs with a finite Herbrand
Universe, shares many common points with typical constraint solving algorithms 
and it is very distinct from the classic computational model of logic programming 
(mostly used in ALPC and also in CIFF). For an excellent comparison of the two 
computational models, see (Marek and Truszczynski 1999). 

Directly from the above observations, the implemented answer set solvers benefit 
from a number of features which have made them popular tools for knowledge 
representation and reasoning: completeness, termination and efficiency. 

Completeness and termination follow directly from the assumption that the
Herbrand universe of a program is finite.

The idea of applying constraint solving techniques in the computational model, 
together with hardware improvements, makes it possible to have also efficient an- 
swer set solvers, and, indeed, state-of-the-art solvers are able to handle hundreds 
of thousands of ground Herbrand terms in acceptable times. This is sufficient for 
many medium to large size applications. 



However, the ASP assumptions also introduce some important limitations on the
expressiveness of the framework. Even if many application domains can be
modeled through ASP, there are some applications which need the possibility of
introducing non-ground terms. The web sites repairing example described in Section
6.3.3 below is one such (simple) application which is being further investigated
(Mancarella et al. 2007; Mancarella et al. 2009). Moreover, there are applications
which can be effectively modeled in ASP, but for which non-ground answers could
be more suitable. Consider, for example, a planning application where we search
for a plan to solve a goal $G$ by time $T = 5$. Assume that a certain action $A$
solves the goal. In a plan obtained from an answer set solver the action $A$ will
be bound to a ground time, for example 4 or 3. However, it might be preferable
to have a more general plan with $A$ associated with a non-ground time $T_A$
together with the constraint $T_A < 5$. Obviously, this is just a hint of a planning
framework which is outside the scope of this paper. Work focused on these topics
includes, for example, (Mancarella et al. 2004), and part of the SOCS European
Project (SOCS-consortium 2005).



To illustrate the main conceptual differences when programming applications in
ASP and CIFF, let us consider the well-known N-queens domain, where $N$ queens
have to be placed on an $N * N$ board in such a way that for no pair of queens $Q_i$ and
$Q_j$, $Q_i$ and $Q_j$ are in the same row or in the same column or in the same diagonal.

We represent the problem in CIFF as follows ($N$ is a placeholder for a natural
number).

P : $exists\_q(R) \leftarrow q\_domain(R) \wedge q\_domain(C) \wedge q\_pos(R, C)$
    $q\_domain(R) \leftarrow R \geq 1 \wedge R \leq N$
    $safe(R1, C1, R2, C2) \leftarrow C1 \neq C2 \wedge (R1 + C1 \neq R2 + C2) \wedge (C1 - R1 \neq C2 - R2)$

A : $\{q\_pos\}$

IC : $q\_pos(R1, C1) \wedge q\_pos(R2, C2) \wedge R1 \neq R2 \rightarrow safe(R1, C1, R2, C2)$

Q : $exists\_q(1) \wedge \ldots \wedge exists\_q(N)$

The CIFF specification of the problem is very compact. A CIFF computation for
the query $Q$ proceeds as follows (we abstract away from the concrete CIFF selection
function). Each exists_q(R) atom in the query (where R is one of the $N$ integer
values between 1 and $N$) is unfolded giving rise to three atoms: q_domain(R),
q_domain(C) and the abducible q_pos(R, C). The first two atoms are in turn
unfolded, populating the CIFF node with the finite-domain constraints:

$R \geq 1, R \leq N, C \geq 1, C \leq N$

which will be evaluated by the constraint solver. Note that the constraints concerning
R are obviously ground, while the constraints concerning C are not ground due
to the presence of C.

The third atom q_pos(R, C) is instead an abducible non-ground atom (due to the
presence of the constraint variable C).

Assuming that all the unfolding, the equality rewriting and the substitutions have
been done, we will obtain a node with the following abducible atoms:

$q\_pos(1, C_1), \ldots, q\_pos(N, C_N)$

Each pair of these has to be propagated to the integrity constraint, firing $N^2$
non-ground instances of the safe atom. The condition $R1 \neq R2$ in the body of the
integrity constraint in IC prevents the same abducible from being propagated twice,
i.e. it avoids an instance like $safe(R_i, C_i, R_i, C_i)$.

At this point the safe atoms are unfolded, resulting in the whole set of non-ground
finite-domain constraints needed to ensure correct positioning of the queens. Finally,
this set, once the solver checks its satisfiability, is returned as part of the
extracted answer. The extracted answer "contains" all the possible solutions: the
corresponding ground answers identifying the concrete positions of the queens can
be obtained by performing a labeling on the constraint variables (the CIFF System
automatically performs the final labeling if the user wishes it).

Consider now the following ASP representation:

$row(1)$
$\ldots$
$row(N)$
$row(R) \rightarrow q\_pos(R, 1) \vee \ldots \vee q\_pos(R, N)$
$q\_pos(R1, C) \wedge q\_pos(R2, C) \wedge R1 \neq R2 \rightarrow false$
$q\_pos(R1, C1) \wedge q\_pos(R2, C2) \wedge row(R) \wedge R2 = R1 + R \wedge C1 = C2 + R \rightarrow false$
$q\_pos(R1, C1) \wedge q\_pos(R2, C2) \wedge row(R) \wedge R2 = R1 + R \wedge C2 = C1 + R \rightarrow false$

We choose the DLV representation, borrowed from

http://www.dbai.tuwien.ac.at/proj/dlv/tutorial/

because it is the closest representation to ours and we can easily highlight the differences. For
the same reason we present the DLV specification as a set of ALPC integrity constraints: DLV
syntax is slightly different.

Also in this case all the possible solutions are returned by the answer set solvers,
although they are enumerated in ground form.

Abstracting away from syntactical differences, there is an important difference
between the two specifications. The CIFF specification takes advantage of the
constraint solver because it delegates the constraints on the variables inside the clause
concerning the safe predicate as informally described above. Conversely, in an ASP
computation, the conditions on the queen positions are checked locally, resulting in
a huge set of groundable integrity constraints, each one containing a ground pair of
queen positions.

As expected (and as shown in Section 6.3.1 below), delegating the checks to a
finite-domain constraint solver results in performance an order of magnitude faster than
any answer set solver. Note that the ASP community is aware of this problem
and recently some work has been initiated on integrating ASP with constraint
solvers, in an effort to reduce the grounding size and speed up computation (e.g.,
(Baselice et al. 2005; Mellarkod and Gelfond 2008)), but for limited forms of
constraints and restricted combinations of logic programs and constraints.
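The difference between the two specifications can be made concrete with an added Python sketch (it is not the code of CIFF or of any answer set solver). It builds the non-ground store obtained by propagating pairs of abduced q_pos(R, C_R) atoms through safe, solves that store with a small forward-checking labeler standing in for a finite-domain solver, and counts the ground pairs of queen positions matched by the column and diagonal denials; all function names are assumptions of this sketch.

```python
def ciff1_store(n):
    """Disequalities left in the node after unfolding every safe(R1,C1,R2,C2).

    One variable C[r] per row r; a triple (r1, r2, off) stands for
    C[r1] - C[r2] != off.
    """
    store = []
    for r1 in range(1, n + 1):
        for r2 in range(1, n + 1):
            if r1 != r2:                          # body condition R1 != R2
                store.append((r1, r2, 0))         # C1 != C2
                store.append((r1, r2, r2 - r1))   # R1 + C1 != R2 + C2
                store.append((r1, r2, r1 - r2))   # C1 - R1 != C2 - R2
    return store


def satisfies(solution, store):
    return all(solution[r1] - solution[r2] != off for r1, r2, off in store)


def solve(n, store):
    """Labeling with forward checking; returns {row: column} or None."""
    watch = {}
    for r1, r2, off in store:
        watch.setdefault(r1, []).append((r2, off))    # C[r2] != C[r1] - off
        watch.setdefault(r2, []).append((r1, -off))   # C[r1] != C[r2] + off

    def label(domains, assigned):
        if len(assigned) == n:
            return dict(assigned)
        # first-fail: pick the unassigned variable with the smallest domain
        var = min((v for v in domains if v not in assigned),
                  key=lambda v: len(domains[v]))
        for value in sorted(domains[var]):
            pruned = {v: set(d) for v, d in domains.items()}
            pruned[var] = {value}
            alive = True
            for other, off in watch.get(var, []):
                if other not in assigned:
                    pruned[other].discard(value - off)
                    if not pruned[other]:
                        alive = False
                        break
            if alive:
                found = label(pruned, {**assigned, var: value})
                if found is not None:
                    return found
        return None

    return label({r: set(range(1, n + 1)) for r in range(1, n + 1)}, {})


def ground_denials(n):
    """Ground pairs of queen positions matched by the column denial and by the
    diagonal denial when every candidate atom q_pos(R, C) is considered."""
    cells = [(r, c) for r in range(1, n + 1) for c in range(1, n + 1)]
    column = sum(1 for r1, c1 in cells for r2, c2 in cells
                 if r1 != r2 and c1 == c2)
    diagonal = sum(1 for r1, c1 in cells for r2, c2 in cells
                   if r1 != r2 and abs(r1 - r2) == abs(c1 - c2))
    return column, diagonal


if __name__ == "__main__":
    for n in (4, 8, 16):
        store = ciff1_store(n)
        print(n, len(store), sum(ground_denials(n)), solve(n, store))
```

The store grows with the square of N and stays over N variables, whereas the number of matching ground pairs grows with the cube of N; the sketch illustrates that structural difference only and makes no claim about the timings reported in the paper.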

6.3 Experimental Results 

In this section, we show some experimental results obtained running two of the most
typical benchmark examples, namely the N-Queens problem and the graph coloring
problem. We also present a simple instance of a web sites repairing framework
which could be used with CIFF. Note that we focus our experimental evaluation
on examples where abduction benefits from constraint solving, in order to illustrate
the main innovative feature of CIFF with respect to its predecessor IFF, as well as
related systems (ALP solvers and A-System).

In this performance comparison we restricted our attention to three systems: the
A-System (Van Nuffelen 2004) and two state-of-the-art answer set solvers, namely
the DLV system (Eiter et al. 1997) and SMODELS (Niemela and Simons 1997).
All the tests have been run on a Fedora Core 5 Linux machine equipped with a 2.4
Ghz PENTIUM 4 - 1Gb DDR Ram. The SICStus Prolog version used throughout
the tests is the 3.12.2 version. All execution times are expressed in seconds (" — "
means that the system was still running after 10 minutes). In all examples, unless
otherwise specified, the CIFF System query is the empty list [] representing true
and the algorithm for groundable integrity constraints is activated. In each experiment,
the formalisations of the problems are taken from http://www.dbai.tuwien.ac.at/proj/dlv/tutorial/
for DLV, from http://www.baral.us/code/smodels/ for SMODELS, and from
(Van Nuffelen 2004) for the A-System.



6.3.1 The N-Queens problem

We recall the N-Queens problem, already seen in Section 6.2: $N$ queens have to be placed
on an $N * N$ board in such a way that for no pair of queens $Q_i$ and $Q_j$, $Q_i$ and $Q_j$
are in the same row or in the same column or in the same diagonal.

The CIFF System formalization (CIFF (1)) of this problem is very simple (the
query is a conjunction of $N$ exists_q(R) where each R is a natural number, distinct
from each other, in $[1, N]$):

%%% CIFF (1)
%%% ABDUCIBLES
abducible(q_pos(_,_)).

%%% CLAUSES

q_domain(R) :- R #>= 1, R #=< N.

%%% N must be an integer in real code!

exists_q(R) :- q_domain(R), q_pos(R,C), q_domain(C).

safe(R1,C1,R2,C2) :- C1 #\= C2, R1+C1 #\= R2+C2, C1-R1 #\= C2-R2.

%%% INTEGRITY CONSTRAINTS

[q_pos(R1,C1), q_pos(R2,C2), R1 #\= R2] implies [safe(R1,C1,R2,C2)].

We also show another CIFF formalization which is a direct translation of the DLV
formalization. Here, the checks on the queen position conditions are made locally
in each groundable integrity constraint instance and they are not delegated to the
constraint solver. In these programs, abs is the absolute value function.

The DLV translation (CIFF (2)) is very similar to the (CIFF (1)) formalization
and the query is the same. But in this case the check of the conditions on the queen
positions is done locally in the body of the integrity constraints.

The concrete CIFF syntax differs a bit from that of the program shown in Section 6.2. The
conditions which avoid placing two queens in the same diagonal are integrated in a single
integrity constraint, taking advantage of the - and abs functions of the constraint solver: the
DLV system does not allow such functions to be expressed. The straight DLV translation with two
integrity constraints runs a bit slower in CIFF, as expected.

%%% CIFF (2)
%%% DLV translation
%%% ABDUCIBLES
abducible(q_pos(_,_)).

%%% CLAUSES

row(1).
...
row(N).

%%% INTEGRITY CONSTRAINTS

[row(R)] implies [q_pos(R,1), ..., q_pos(R,N)].
%%% N must be an integer in real code!

[q_pos(R1,C), q_pos(R2,C), R1 \== R2] implies [false].

[q_pos(R1,C1), q_pos(R2,C2), R1 \== R2, (abs(R1-R2) #= abs(C1-C2))]
implies [false].

In Table 2 we show the results for the first solution found. In the tables, we denote
the A-System as ASYS and SMODELS as SM.



Table 2. N-Queens results (first solution)

Queens     CIFF (1)   CIFF (2)   ASYS     SM       DLV
n = 4      0.01       0.02       0.01     0.01     0.01
n = 6      0.01       0.21       0.01     0.01     0.01
n = 8      0.03       1.29       0.03     0.01     0.01
n = 12     0.05       5.98       0.05     0.01     0.01
n = 16     0.09       410.33     0.07     0.36     0.61
n = 24     0.20       -          0.17     4.88     5.44
n = 28     0.29       -          0.27     55.32    35.17
n = 32     0.37       -          0.32     -        -
n = 64     1.62       -          1.52     -        -
n = 100    4.55       -          4.24     -        -


All systems return all the correct solutions, but we do not show the times for all
solutions because the number of possible solutions is huge when N grows.

Only the CIFF System and the A-System, through the use of the finite domain
constraint solver, can solve the problem in a reasonable time for a high number
of queens. Note also that the performance of the CIFF System on the other, "answer set"
variant of the specification, i.e. CIFF (2), is, as expected, worse than
on the first one, i.e. CIFF (1). However, we argue that, on the whole, the results
show that the system is able to handle a reasonable number of ground instances.
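
The effect of delegating the safe/4 conditions to a finite-domain solver can be seen in a small sketch. The following Python code is an added example, not CIFF code and not taken from the CIFF System: it assumes plain forward checking as a stand-in for the finite-domain solver and chronological backtracking as a stand-in for checking ground integrity constraint instances, and all function names are hypothetical.

```python
# Added illustration (not CIFF code): N-Queens with the safe/4 conditions of
# CIFF (1), solved with and without finite-domain style pruning.

def safe(r1, c1, r2, c2):
    """The three disequalities of safe/4: columns and both diagonals differ."""
    return c1 != c2 and r1 + c1 != r2 + c2 and c1 - r1 != c2 - r2


def solve_with_pruning(n):
    """Forward checking (assumed stand-in for the finite-domain solver):
    every placement removes unsafe columns from the domains of open rows."""
    tried = 0

    def search(row, domains, placed):
        nonlocal tried
        if row > n:
            return dict(placed)
        for col in sorted(domains[row]):
            tried += 1
            pruned = {}
            for later in range(row + 1, n + 1):
                pruned[later] = {c for c in domains[later]
                                 if safe(row, col, later, c)}
                if not pruned[later]:
                    break                      # empty domain: fail early
            else:
                placed[row] = col
                found = search(row + 1, {**domains, **pruned}, placed)
                if found is not None:
                    return found
                del placed[row]
        return None

    start = {r: set(range(1, n + 1)) for r in range(1, n + 1)}
    return search(1, start, {}), tried


def solve_with_ground_checks(n):
    """Chronological backtracking: each candidate q_pos(R,C) is tested against
    all queens already placed, like ground integrity constraint instances."""
    tried = 0

    def search(row, placed):
        nonlocal tried
        if row > n:
            return dict(placed)
        for col in range(1, n + 1):
            tried += 1
            if all(safe(r, c, row, col) for r, c in placed.items()):
                placed[row] = col
                found = search(row + 1, placed)
                if found is not None:
                    return found
                del placed[row]
        return None

    return search(1, {}), tried


def is_solution(n, placed):
    """Check a {row: column} assignment against the problem statement."""
    rows = sorted(placed)
    return (rows == list(range(1, n + 1))
            and all(1 <= placed[r] <= n for r in rows)
            and all(safe(a, placed[a], b, placed[b])
                    for a in rows for b in rows if a < b))


if __name__ == "__main__":
    for n in (4, 8, 12, 16):
        _, pruned = solve_with_pruning(n)
        _, ground = solve_with_ground_checks(n)
        print(f"n={n}: {pruned} placements with pruning, {ground} without")
```

Both searches return the same first solution; they differ only in how many candidate placements they try before reaching it.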
6.3.2 The Graph Coloring problem



The graph coloring problem can be defined as follows: given a connected graph we 
want to color its nodes in a way that each node does not have the color of any of 
its neighbors. 

The CIFF System formalization is as follows (again, we omit the domain-dependent 
definitions of any specific graph): 

%%% ABDUCIBLES
abducible(abd_color(_,_)).

%%% CLAUSES

coloring(X) :- color(C), abd_color(X,C).

%%% INTEGRITY CONSTRAINTS
[vertex(X)] implies [coloring(X)].

[edge(X,Y), abd_color(X,C), abd_color(Y,C)] implies [false].

The results are the following, where Jean and Games are two graph instances (up
to a 120-node graph):



Table 3. Graph coloring results (first solution).

Nodes     CIFF     CIFF (G)   ASYS     SM       DLV
4         0.09     0.01       0.01     0.01     0.01
Jean      -        0.68       0.60     0.19     0.48
Games     -        2.39       3.61     0.28     1.14



As for the N-Queens problem, all the systems return all the solutions. Here answer
set solvers have the best performance, as the constraint solver is not involved in the
computation. However, it is worth noting that the performance of both the A-System
and the CIFF System, when the algorithm for groundable integrity constraints is
activated (second column), is encouraging, even if the domain is a typical ASP
application.

6.3.3 Web Sites Repairing 

The last example is a practical problem in which abduction can be used effectively:
checking and repairing links in a web site, given the specification of the site via
an abductive logic program with constraints. This example, which follows the
approach in (Toni 2001), is currently being formalized, expanded and investigated
(Mancarella et al. 2007; Mancarella et al. 2009; Terreni 2008a).

They are borrowed from http://mat.gsia.cmu.edu/COLOR/Instances.html
Consider a web site where a node (representing a web page) can be a book, a review
or a library. A link is a relation between two nodes. Nodes and links may need to 
be added to guarantee some properties. 

• each node must not belong to more than one type, and 

• each book must have at least a link to both a review and a library. 

We represent the addition of links and nodes as abducibles and we impose that: 

• each abduced node must be distinct from each other node (either abduced or
not),

• each abduced link must be distinct from each other link (either abduced or
not).

The CIFF System 4.0 formalization of this problem (together with a simple web 
site instance) is the following: 

%%% ABDUCIBLES

abducible(add_node(_,_)).
abducible(add_link(_,_)).

%%% CLAUSES

is_node(N,T) :- node(N,T), node_type(T).
is_node(N,T) :- add_node(N,T), node_type(T).
node_type(lib).
node_type(book).
node_type(review).

is_link(N1,N2) :- link(N1,N2), link_check(N1,N2).
is_link(N1,N2) :- add_link(N1,N2), link_check(N1,N2).
link_check(N1,N2) :- is_node(N1,_), is_node(N2,_), N1 \== N2.
book_links(B) :- is_node(B,book), is_node(R,review), is_link(B,R),
                 is_node(L,lib), is_link(B,L).

%%% INTEGRITY CONSTRAINTS

[add_node(N,T1), node(N,T2)] implies [false].
[add_link(N1,N2), link(N1,N2)] implies [false].
[is_node(N,T1), is_node(N,T2), T1 \== T2] implies [false].
[is_node(B,book)] implies [book_links(B)].

%%% WEB SITE INSTANCE

node(n1,book).
node(n3,review).
link(n1,n3).

The CIFF System returns two answers representing correctly the need of a new link
between the book n1 and a new library node L. The first answer is:

[add_link(n1,L), add_node(L,lib)],    %%% ABDUCIBLES
[L\==n3, L\==n1],                     %%% DISEQUALITIES
[]                                    %%% FD CONSTRAINTS



Note that the answer includes the fact that L must be a new node, i.e. a
node distinct from both n1 and n3.
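
The role of the disequalities in this first answer can be checked on ground instances. The following Python code is an added example, not CIFF code and not taken from the CIFF System: it evaluates the clauses and the four integrity constraints above two-valuedly over ground facts, and the function names and the fresh constant n5 are constructed for the illustration.

```python
# Added illustration (not CIFF code): ground check of the web site integrity
# constraints for one instantiation of an abductive answer.

NODE_TYPES = {"lib", "book", "review"}

# Web site instance from the text.
SITE_NODES = {("n1", "book"), ("n3", "review")}
SITE_LINKS = {("n1", "n3")}


def violations(nodes, links, add_nodes=frozenset(), add_links=frozenset()):
    """Return the violated integrity constraints as (name, witness) pairs."""
    nodes, links = set(nodes), set(links)
    add_nodes, add_links = set(add_nodes), set(add_links)

    # is_node(N,T) holds for given or abduced nodes with a known node_type.
    is_node = {(n, t) for n, t in nodes | add_nodes if t in NODE_TYPES}
    names = {n for n, _ in is_node}
    # is_link(N1,N2) needs link_check: both ends are nodes and N1 \== N2.
    is_link = {(a, b) for a, b in links | add_links
               if a in names and b in names and a != b}

    def linked_to(src, node_type):
        return any((src, n) in is_link for n, t in is_node if t == node_type)

    found = []
    # [add_node(N,T1), node(N,T2)] implies [false]
    given_names = {n for n, _ in nodes}
    found += [("IC1", n) for n, _ in sorted(add_nodes) if n in given_names]
    # [add_link(N1,N2), link(N1,N2)] implies [false]
    found += [("IC2", l) for l in sorted(add_links & links)]
    # [is_node(N,T1), is_node(N,T2), T1 \== T2] implies [false]
    found += [("IC3", n) for n in sorted(names)
              if len({t for m, t in is_node if m == n}) > 1]
    # [is_node(B,book)] implies [book_links(B)]
    found += [("IC4", b) for b, t in sorted(is_node)
              if t == "book" and not (linked_to(b, "review")
                                      and linked_to(b, "lib"))]
    return found


def check_first_answer(lib_name):
    """Instantiate L in [add_link(n1,L), add_node(L,lib)] and check the site."""
    return violations(SITE_NODES, SITE_LINKS,
                      add_nodes={(lib_name, "lib")},
                      add_links={("n1", lib_name)})


if __name__ == "__main__":
    print("site alone:", violations(SITE_NODES, SITE_LINKS))
    for name in ("n5", "n3", "n1"):   # n5 is a constructed fresh constant
        print(f"L = {name}:", check_first_answer(name))
```

Instantiating L with a fresh constant satisfies every constraint, while L = n3 or L = n1, the values excluded by the disequalities, each violate several of them.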
The second answer is more complex:

[add_link(n1,L), add_node(L,lib),
 add_link(n1,R), add_node(R,review)],        %%% ABDUCIBLES
[L\==n3, L\==n1, R\==n3, R\==n1, R\==L],     %%% DISEQUALITIES
[]                                           %%% FD CONSTRAINTS

In this case, the system also adds a new review node R and provides the right links
among the new nodes. Note that, again, each node must be distinct from each other:
this is expressed through CIFF disequalities.

Correctly, no further answers are found and the system terminates accordingly.
For this example we do not make a performance comparison with other systems as
both answer set solvers and the A-System seem unable to provide correct answers
due to the presence of unbound variables.

6.4 Comparison with Analytic Tableaux

The overall framework of the CIFF procedure resembles the method of analytic
tableaux, which has been used mostly for deductive inference in a range of different
logics (D'Agostino et al. 1999). A tableau proof proceeds by initializing a proof
tree with a set of formulas to which we then apply expansion rules, similar to
those of CIFF, until we reach an explicit contradiction on every branch. This can
be used to prove that a set of formulas $T$ is unsatisfiable or that a formula $\varphi$
follows from a set $T$ (by adding the complement of $\varphi$ to $T$ before expansion).
There has been a (very limited) amount of work on applying the tableau method
to the problem of abductive inference (Mayer and Pirri 1993; Aliseda-Llera 1997;
Klarman 2008). The basic idea is that if an attempted proof of $T \models \varphi$ fails, then
those branches that could not be closed can provide hints as to what additional
formulas would allow us to close all branches. That is, we can compute an abductive
answer for the query $\varphi$ given the theory $T$ in this manner. While in principle it is
possible to use such an approach, the search space would be enormous. The rules
of CIFF (which are more complicated and tailored to specific cases than the rules
of most tableau-based procedures) have been specifically designed so as to avoid
at least some of this complexity and search for abductive answers more directly.
Most work on tableau-based abduction has concentrated on (classical and
non-classical) propositional logics (Aliseda-Llera 1997; Klarman 2008). The only work
on tableau-based abduction for first-order logic that we are aware of does not focus
on algorithmic issues (Mayer and Pirri 1993). We are also not aware of any major
implementations of any of the tableau-based procedures for abduction proposed in
the literature.

7 Conclusions



We have presented the CIFF proof procedure, a step forward at both theoretical
and implementative levels in the field of abductive logic programming (with
constraints). CIFF is able to handle variables in a non-straightforward way, and it is
equipped with a useful interface to a constraint solver. We have proved that CIFF
is sound with respect to the three-valued completion semantics, and it enjoys some
completeness properties with respect to the same semantics.

In addition, we have described the CIFF System, a Prolog implementation of the
CIFF proof procedure. The CIFF System reaches good levels of efficiency and
flexibility and is comparable to other state-of-the-art tools for knowledge
representation and reasoning. The system has been developed in SICStus Prolog, but recently
ported to SWI-Prolog (Wielemaker 2003), the state-of-the-art open-source Prolog
platform, whose constraint solver is however less efficient than the one in SICStus.

We have developed an extension of CIFF incorporating a more sophisticated form
of integrity constraints, with negation as failure in their bodies. This extension is
inspired by (Sadri and Toni 1999) and is described in (Terreni 2008a). Even though
the current implementation supports this extended treatment of negation, further
work is needed to give it a formal foundation.

At the implementative level, a main issue in CIFF is the lack of a Graphical User 
Interface (GUI) which would improve its usability: we hope to add it in the CIFF 
System 5 release. 

Other interesting features which are planned for the CIFF System 5
release are the following.

• Compatibility with the SICStus Prolog 4 release (which is claimed to be much
faster: a port of the system will benefit at once from this boost in
performance).

• The possibility of invoking Prolog platform functions directly. We think that
this would enhance performance and ease of programming in CIFF. However,
some work has to be done in order to understand how to integrate them safely.

• Further improvements in the management of groundable integrity constraints.

• Further experimentation with other applications, for example planning.

Finally, we also plan to compare the CIFF system with tools in Potassco (the
Potsdam Answer Set Solving Collection), which incorporate efficient
implementations of constraint solving within answer set programming.

Acknowledgements: We would like to thank Michael Gelfond and the anonymous 
reviewers for their comments and suggestions. The work described in this paper 
has been partially supported by European Commission FET Global Computing 
Initiative, within the SOCS project (IST-2001-32530). 

http://potassco.sourceforge.net/
Appendix A Proofs of CIFF results

Proof of Proposition 4.1

To prove the first part of the proposition, we need the semantics of the constraint
solver while to prove the second part we need the Clark Equality Theory (CET).
Both are embedded in our semantics ($\models_{3(\Re)}$) and we will write explicitly $\models_{\Re}$ and
$\models_{CET}$, respectively, instead of $\models_{3(\Re)}$ where appropriate.

1. $\Gamma$ is the set of c-conjuncts in $N$, and this is a successful node. Then the Constraint
solving rule R7 cannot be applied to $N$. Thus, by the assumption of having a
sound and complete constraint solver, we have that $\Gamma$ is not an unsatisfiable set of
constraints, i.e. we can always obtain a ground substitution $\theta$ such that:

and so 

2. Let us consider $F = (E \cup DE)\theta$. Equalities in $E$ are of the form

$X_i = t_i \quad (1 \le i \le n,\ n \ge 0)$

where each $X_i$ is an existentially quantified variable and $t_i$ is a term (containing
neither universally quantified variables nor $X_i$ itself). The scope of each variable in
$E$ is the whole CIFF node $N$ and each $X_i$ does not appear elsewhere in the node
due to the exhaustive application of the Equality rewriting in atoms rule R8.

The disequalities in $DE$ are of the form

$X_j = t_j \rightarrow false \quad (n < j \le m,\ m \ge 0)$

where each $X_j$ is an existentially quantified variable appearing also in $E$ (due to the
Substitution in atoms rule R10) and $t_j$ is a term not in the form of a universally
quantified variable.

The ground substitution $\theta$ contains an assignment to all the constraint variables
occurring in $(E \cup DE)$. This is because (i) all the equalities in $E$ are equalities over
Herbrand terms by definition and (ii) there is no CIFF disequality in $DE$ of the
form $X_i = t_i \rightarrow false$ where $X_i = t_i$ is a c-atom because the Case analysis for
constraints rule R6 replaced any such CIFF disequality with a c-conjunct of the
form $X_i \neq t_i$.

Note that also CIFF disequalities of the form $X = Y \rightarrow false$ such that $X$ is a
constraint variable and $Y$ is not (or vice versa) are not a problem. This is because
$X$ has been substituted by a ground term $c$ by $\theta$ and there is no equality of the
form $Y = c$ in $E\theta$ because in that case also $Y$ would be a constraint variable and
that equality would belong to $\Gamma$.

Finally, the proposition is proven by finding a ground substitution $\sigma$ such that
$\models_{CET} F\sigma$ and this can be done following the proof in (Fung 1996), as follows.
First we assign a value to each existentially quantified variable $X_j$ in $DE\theta$. We
do this by using a fresh function symbol $g_j$, i.e. the function symbol $g_j$ does not
appear in the CIFF branch whose leaf is $N$ (we assume here that we have an infinite
number of distinct function symbols in our language). Then we choose a constant $c$
and we assign $g_j(c)$ to $X_j$. We define $G = F\sigma_1$ where $\sigma_1$ is the ground substitution
composed of the above assignments.

The second step is to assign to each variable $X_i$ in $(E\theta)\sigma_1$ its corresponding term

$s_i = t_i\sigma_1$.

Finally, for each remaining existentially quantified variable, we use another fresh
function and a constant $c$ to make assignments as was done for CIFF
disequalities.

The whole set of assignments so far obtained is the ground substitution $\sigma$ which
proves the proposition. This is because, after $\theta\sigma$ has been applied, each equality
originally in $E$ is of the form $t = t$ and each CIFF disequality originally in $DE$ is
of the form $f(t) = g(t) \rightarrow false$ which are obviously entailed by CET.
We have:

$\sigma \models_{3(\Re)} (E \cup DE)\theta$

and thus, being $\theta \models_{\Re} \Gamma$, we have:

$\theta\sigma \models_{3(\Re)} \Gamma \cup E \cup DE$ □

Proof of Proposition 

Let us consider the set $\Delta\sigma'$. There can be existentially quantified variables in $\Delta$
not assigned by $\sigma'$ because they do not appear in $C$. Then it is enough to choose
arbitrary ground terms to assign to those variables to obtain a substitution $\sigma$ such
that $\sigma' \subseteq \sigma$, which proves the proposition. □

Proof of Proposition 

We prove the proposition considering each of the CIFF proof rules in turn. Recall
that, apart from the Splitting rule, for each proof rule the set $\mathcal{N}$ of successor nodes
of $N$ is a singleton, i.e. $\mathcal{N} = \{N'\}$.

R1 - Unfolding atoms. This rule applies a resolution step on a defined atom
in $N$ and its iff-definition in $Th$:

$p(\vec{X}) \leftrightarrow (D_1 \vee \cdots \vee D_n)$

Hence, the atom $p(\vec{t})$ is replaced in $N'$ by

$(D_1 \vee \cdots \vee D_n)[\vec{X}/\vec{t}]$

The replacement is obviously equivalence preserving with respect to $P$ and $\models_{3(\Re)}$.

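R2 - Unfolding within implication. This rule resolves a defined atom $p(\vec{t})$ with
its iff-definition in $Th$:

$p(\vec{X}) \leftrightarrow (D_1 \vee \cdots \vee D_n)$

as in the previous rule. The result is a set of implications in $N'$ replacing the original
implication, each one containing one of the disjuncts $D_i\theta$, with $1 \le i \le n$ where
$\theta = [\vec{X}/\vec{t}]$. Without loss of generality, suppose that the original implication is of the
form

$(p(\vec{t}[\vec{W}, \vec{Y}]) \wedge R[\vec{W}, \vec{Y}]) \rightarrow H[\vec{W}, \vec{Y}]$

where $R$ is a conjunction of literals and $H$ is a disjunction of atoms. We use the
notation $E[\vec{Y}]$ to say that $\vec{Y}$ may occur in $E$ for a generic $E$. Suppose that all and
only the variables in $\vec{W}$ occur also in another non-implicative CIFF conjunct (recall
that in a CIFF node variables appearing only within an implication are implicitly
universally quantified with scope the implication itself and variables appearing
outside an implication are existentially quantified with scope the whole node). Making
the quantification explicit, the implication becomes:

$\exists \vec{W} \forall \vec{Y} (p(\vec{t}[\vec{W}, \vec{Y}]) \wedge R[\vec{W}, \vec{Y}] \rightarrow H[\vec{W}, \vec{Y}])$

To simplify the presentation, in the following we assume that $\vec{W}$ and $\vec{Y}$ may occur
everywhere in the implication without denoting it explicitly. Applying resolution
we obtain:

$\exists \vec{W} \forall \vec{Y} ((\exists \vec{Z}_1 D'_1\theta \vee \cdots \vee \exists \vec{Z}_n D'_n\theta) \wedge R \rightarrow H)$

where each $D_i$ is of the form $\exists \vec{Z}_i D'_i$ and the vectors $\vec{Z}_i$ of existentially quantified
variables arise from the iff-definition. Thus we have:

$\exists \vec{W} \forall \vec{Y} ((\exists \vec{Z}_1 (D'_1\theta) \vee \cdots \vee \exists \vec{Z}_n (D'_n\theta)) \wedge R \rightarrow H) \equiv$

$\exists \vec{W} \forall \vec{Y} (\neg(\exists \vec{Z}_1 (D'_1\theta) \vee \cdots \vee \exists \vec{Z}_n (D'_n\theta)) \vee \neg R \vee H) \equiv$

$\exists \vec{W} \forall \vec{Y} ((\neg(\exists \vec{Z}_1 (D'_1\theta)) \wedge \cdots \wedge \neg(\exists \vec{Z}_n (D'_n\theta))) \vee \neg R \vee H) \equiv$

$\exists \vec{W} \forall \vec{Y} ((\neg(\exists \vec{Z}_1 (D'_1\theta)) \vee \neg R \vee H) \wedge \cdots \wedge (\neg(\exists \vec{Z}_n (D'_n\theta)) \vee \neg R \vee H)) \equiv$

$\exists \vec{W} (\forall \vec{Y} (\neg(\exists \vec{Z}_1 (D'_1\theta)) \vee \neg R \vee H) \wedge \cdots \wedge \forall \vec{Y} (\neg(\exists \vec{Z}_n (D'_n\theta)) \vee \neg R \vee H)) \equiv$

$\exists \vec{W} (\forall \vec{Y}, \vec{Z}_1 (\neg D'_1\theta \vee \neg R \vee H) \wedge \cdots \wedge \forall \vec{Y}, \vec{Z}_n (\neg D'_n\theta \vee \neg R \vee H)) \equiv$

$\exists \vec{W} (\forall \vec{Y}, \vec{Z}_1 (D'_1\theta \wedge R \rightarrow H) \wedge \cdots \wedge \forall \vec{Y}, \vec{Z}_n (D'_n\theta \wedge R \rightarrow H))$

Note that the variables $\vec{Z}_i$ in the new implications are universally quantified with
scope the implication in which they occur. So with our convention for implicit
quantification, the last sentence is:

$(D'_1\theta \wedge R \rightarrow H) \wedge \cdots \wedge (D'_n\theta \wedge R \rightarrow H)$.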

R3 - Propagation. This rule uses an atomic CIFF conjunct $p(\vec{s})$ and an atom $p(\vec{t})$
within an implication of the form $(p(\vec{t}) \wedge B) \rightarrow H$ and it adds in $N'$ an implication
of the form:

$\vec{t} = \vec{s} \wedge B \rightarrow H$

It is obvious that, due to the fact that the second implication is a consequence of
the CIFF conjunct and the implication and both remain in $N'$, the Propagation
rule is equivalence preserving.

R4 - Splitting. This rule uses a disjunctive CIFF conjunct of the form $D =
D_1 \vee \ldots \vee D_k$ and builds a set of CIFF successor nodes $\mathcal{N} = \{N_1, \ldots, N_k\}$ such that
in each $N_i$ the conjunct $D$ is replaced by $D_i$.

It is obvious that the Splitting rule is equivalence preserving because it is an
operation of disjunctive distribution over a conjunction, i.e. is a case of the tautology:

$A \wedge (D_1 \vee \ldots \vee D_k) \equiv (A \wedge D_1) \vee \ldots \vee (A \wedge D_k)$

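R5 - Factoring. This rule uses two atomic CIFF conjuncts of the form $p(\vec{t})$ and
$p(\vec{s})$ and it replaces them in $N'$ by a disjunction of the form:

$(p(\vec{s}) \wedge p(\vec{t}) \wedge (\vec{t} = \vec{s} \rightarrow false)) \vee (p(\vec{t}) \wedge \vec{t} = \vec{s})$

To show that the rule is equivalence preserving, consider the tautology

$(\vec{t} = \vec{s} \rightarrow false) \vee \vec{t} = \vec{s}$

We have that

$p(\vec{t}) \wedge p(\vec{s}) \equiv$
$p(\vec{t}) \wedge p(\vec{s}) \wedge ((\vec{t} = \vec{s} \rightarrow false) \vee \vec{t} = \vec{s}) \equiv$
$(p(\vec{t}) \wedge p(\vec{s}) \wedge (\vec{t} = \vec{s} \rightarrow false)) \vee (p(\vec{t}) \wedge p(\vec{s}) \wedge \vec{t} = \vec{s}) \equiv$
$(p(\vec{t}) \wedge p(\vec{s}) \wedge (\vec{t} = \vec{s} \rightarrow false)) \vee (p(\vec{t}) \wedge p(\vec{t}) \wedge \vec{t} = \vec{s}) \equiv$
$(p(\vec{t}) \wedge p(\vec{s}) \wedge (\vec{t} = \vec{s} \rightarrow false)) \vee (p(\vec{t}) \wedge \vec{t} = \vec{s})$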

R6 - Case Analysis for constraints.

Recall that variables in $Con$ are all existentially quantified and that the constraint
domain is assumed to be closed under complement, i.e. the complement $\overline{Con}$ of a
constraint atom $Con$ is a constraint atom.

$(Con \wedge A) \rightarrow B \equiv$

$Con \rightarrow (A \rightarrow B) \equiv$
$(Con \rightarrow Con) \wedge (Con \rightarrow (A \rightarrow B)) \equiv$

$Con \rightarrow (Con \wedge (A \rightarrow B)) \equiv$

$\neg Con \vee (Con \wedge (A \rightarrow B)) \equiv$
$\overline{Con} \vee (Con \wedge (A \rightarrow B))$

Variable quantification need not be taken into account here because each variable
occurring in $Con$ must be existentially quantified in order for the rule to be applied
to it. Hence the quantification of those variables remains unchanged in the two
resulting disjuncts.

R7 - Constraint solving. This rule replaces a set $\{Con_1, \ldots, Con_k\}$ of c-conjuncts
in $N$ by false in $N'$, provided the constraint solver evaluates them as unsatisfiable.
By the assumption that the constraint solver is sound and complete, the rule is
obviously equivalence preserving.
R8 - Equality rewriting in atoms and R9 - Equality rewriting in
implications. These rules are directly borrowed from the Martelli-Montanari unification
algorithm. The equivalence preservation is proven by the soundness of this algorithm
(Martelli and Montanari 1982).

R10 - Substitution in atoms and R11 - Substitution in implications. These
rules simply propagate an equality either to the whole node or to the implication
in which it occurs. Again they are obviously equivalence preserving rules.

R12 - Case Analysis for equality. The equivalence preservation of this rule
requires some care due to the quantification of the variables involved. First
of all note that if no variable in the Given formula is universally quantified the proof
is trivial. For simplicity we provide the full proof for the case in which the Given
formula contains only one universally quantified variable and no other existentially
quantified variables except $X$. The proof can be then easily adapted to the general
case. With this simplification, we need to prove that the following two formulae are
equivalent (where implicit quantifications are made explicit).

F1 $\exists X \forall Y ((X = t \wedge B) \rightarrow H)$

F2 $[\exists X, Y (X = t \wedge (B \rightarrow H))] \vee [\exists X \forall Y (X = t \rightarrow false)]$

We do a proof by cases, using the following two (complementary) hypotheses:

Hyp1 $\neg \exists X \exists Y (X = t)$.

Hyp2 $\exists X \exists Y (X = t)$

The equivalence under Hyp1 is trivial.

Assume Hyp2 holds. Let $s$ be a ground value for $X$ such that

$\exists Y (s = t)$.

and let $\vartheta$ be the ground substitution for $X$ and $Y$ such that $X\vartheta = s$ and $(X = t)\vartheta$.
Note that, by CET, given $s$ such a ground substitution is unique. Consider now the
formulae obtained from F1 and F2 by substituting $X$ by $s$

F1(s) $\forall Y ((s = t \wedge B) \rightarrow H)$

F2(s) $[\exists Y (s = t \wedge (B \rightarrow H))] \vee [\forall Y (s = t \rightarrow false)]$

It is not difficult to see that F1(s) is equivalent to
$(B \rightarrow H)\vartheta$

since for any ground instantiation of $Y$ other than $Y\vartheta$ the implication $((s = t \wedge B) \rightarrow
H)$ is trivially true.

Consider now F2(s). The second disjunct is false by Hyp2 whereas the first disjunct
is clearly equivalent to $(B \rightarrow H)\vartheta$ due to the uniqueness of $\vartheta$.

R13 - Negation rewriting. This rule uses common logical equivalences:

$((A \rightarrow false) \wedge B) \rightarrow H \equiv$

$B \rightarrow \neg(A \rightarrow false) \vee H \equiv$

$B \rightarrow \neg(\neg A \vee false) \vee H \equiv$

$B \rightarrow (A \wedge true) \vee H \equiv$
$B \rightarrow A \vee H$

R14, R15, R16, R17 - Logical simplification #1 - #4 rules. All the four
simplification rules are again obviously equivalence preserving rules as they use
common logical equivalences.

R18 - Dynamic Allowedness. This rule does not change the elements of a node
$N$. Hence, given that $N' = N$, ignoring the marking, the equivalence preservation
is proven. □

Proof of Corollary 4.1

The proof is an immediate consequence of Proposition 4.3 because for any CIFF
formula $F'$ obtained from $F$ through the application of a CIFF proof rule $\phi$ on a
node $N$, we have that

$F' = F - \{N\} \cup \mathcal{N}$
where $\mathcal{N}$ is the set of successor nodes of $N$ with respect to $\phi$. □

Proof of Theorem 4.1

Let us consider a CIFF successful node $N$. By definition of CIFF extracted answer,
the node $N$ from which $(\Delta, C)$ is extracted, is a conjunction of the form

$\Delta \wedge \Gamma \wedge E \wedge DE \wedge Rest$

where $C = (\Gamma, E, DE)$ and $Rest$ is a conjunction of CIFF conjuncts.
Propositions 4.1 and 4.2 ensure the existence of a ground substitution $\sigma$ such that:

$\Delta\sigma \models_{3(\Re)} \Delta \cup \Gamma \cup E \cup DE$.

Let $X$ be the set of variables occurring in $Q$ and let $\theta$ be the restriction of $\sigma$ over the
variables in $X$.

Let $\gamma$ be a ground substitution for all the variables occurring in $Q\theta$. Let $\sigma = \theta\gamma$. It is
straightforward that

$\Delta\theta\gamma \models_{3(\Re)} \Delta \cup \Gamma \cup E \cup DE$
as the substitution $\gamma$ does not involve any variable in $\Delta \cup \Gamma \cup E \cup DE$.

To prove that $(\Delta, \sigma, \Gamma)$ is an abductive answer with constraint, we need that:

1. there exists a ground substitution $\sigma'$ for the variables occurring in $\Gamma\sigma$ such that
$\sigma' \models_{\Re} \Gamma\sigma$ and

2. for each ground substitution $\sigma'$ for the variables occurring in $\Gamma\sigma$ such that $\sigma' \models_{\Re} \Gamma\sigma$,
there exists a ground substitution $\sigma''$ for the variables occurring in $Q \cup \Delta \cup \Gamma$, with
$\sigma\sigma' \subseteq \sigma''$, such that:

• $P \cup \Delta\sigma'' \models_{LP(\Re)} Q\sigma''$ and
• $P \cup \Delta\sigma'' \models_{LP(\Re)} IC$.

Again, Propositions 4.1 and 4.2 ensure that

• there exists a ground substitution $\sigma'$ for the variables occurring in $\Gamma\sigma$ such that
$\sigma' \models_{\Re} \Gamma\sigma$, and

• for each ground substitution $\sigma'$ for the variables occurring in $\Gamma\sigma$ such that $\sigma' \models_{\Re} \Gamma\sigma$,
there exists a ground substitution $\sigma''$ for the variables occurring in $Q \cup \Delta \cup \Gamma$, with
$\sigma\sigma' \subseteq \sigma''$, such that:

$\Delta\sigma'' \models_{3(\Re)} \Delta \cup \Gamma \cup E \cup DE$ (+)

If we prove that $\Delta\sigma'' \models_{3(\Re)} Rest$, we have that

$P \cup \Delta\sigma'' \models_{3(\Re)} N$. (*)

From this, by induction and by Proposition 4.3 we will obtain

$P \cup \Delta\sigma'' \models_{3(\Re)} Q\sigma''$, and
$P \cup \Delta\sigma'' \models_{3(\Re)} IC$

thus proving that $(\Delta, C)$ is an abductive answer with constraints to $Q$ with respect
to $(P, A, IC)_{\Re}$.

We now prove (*). It is obvious that:

$P \cup \Delta\sigma'' \models_{3(\Re)} \Delta \cup \Gamma \cup E \cup DE$
by (+) above. We need to show that:

$P \cup \Delta\sigma'' \models_{3(\Re)} Rest$.

Let us consider the structure of $Rest$. Due to the exhaustive application of CIFF
proof rules, a CIFF conjunct in $Rest$ cannot be any of the following:

• a disjunction (due to the exhaustive application of Splitting);
• a defined atom (due to the exhaustive application of Unfolding atoms);
• either true or false (due to the exhaustive application of Logical simplification
(#1 - #4) and the fact that $N$ is not a failure node, respectively);
• an implication whose body contains a defined atom (due to the exhaustive
application of Unfolding in implications);
• an implication with a negative literal in the body (due to the exhaustive application
of Negation rewriting);
• an implication with true or false in the body (due to the exhaustive application
of Logical simplification (#1 - #4));
• an implication with only equalities or constraint atoms in the body (due to the
exhaustive application of Case analysis for equalities, Case analysis for
constraints, Substitution in implications and Dynamic Allowedness).

Thus, each CIFF conjunct in $Rest$ is an implication whose body contains at least
an abducible atom. We denote as $\Delta_a \subseteq \Delta$ the set of abducible atoms in $\Delta$ whose
predicate is $a$. Consider an implication $I \in Rest$ of the form $a(\vec{t}) \wedge B \rightarrow H$ where
$a$ is an abducible predicate and $\vec{t}$ may contain universally quantified variables.
Either $\Delta_a = \emptyset$ or not. If $\Delta_a = \emptyset$ then it trivially holds that $P \cup \Delta\sigma'' \models_{3(\Re)} I$
because the body of $I$ is falsified.

The case $\Delta_a \neq \emptyset$ is more interesting. Assume $\Delta_a = a(\vec{s}_1), \ldots, a(\vec{s}_k)$. Due to the
fact that $a$ has no definition in $P$, $a(\vec{s}_1)\sigma'', \ldots, a(\vec{s}_k)\sigma''$ represent all and only the
instances of $a(\vec{t})$ which are entailed by $P \cup \Delta\sigma''$ with respect to the three-valued
completion semantics.

Hence, if $\vec{t} = \vec{s}\sigma''$, where $\vec{s}$ is such that $a(\vec{s})\sigma'' \notin \Delta_a$, it trivially holds that $P \cup
\Delta\sigma'' \models_{3(\Re)} I$, because the body of $I$ is falsified.

Consider now the case $\vec{t} = \vec{s}\sigma''$, where $\vec{s}$ is such that $a(\vec{s})\sigma'' \in \Delta_a$. Because $N$
is a CIFF successful node, Propagation has been exhaustively applied in the
CIFF branch $\mathcal{B}$ whose leaf node is $N$. This means that for each $a(\vec{s}_i)\sigma'' \in \Delta_a$, an
implication $I'$ of the form

occurs in at least a node $N_i \in \mathcal{B}$ (otherwise Propagation is still applicable and $N$
is not a successful node). Then, if $B$ of the body does not contain other abducibles,
the implication $I'$ is not in $Rest$ and has been reduced to a conjunction in $N$.
Otherwise, if $B$ contains another abducible atom, the process is applied again on
it. Because a successful branch is finite, the proof is obtained by induction on the
number of abducible atoms in $B$.

Hence, it holds that:

$P \cup \Delta\sigma'' \models_{3(\Re)} Rest$

and

$P \cup \Delta\sigma'' \models_{3(\Re)} N$

Let us consider the CIFF branch $\mathcal{B}$ whose leaf node is $N$, i.e. the branch $\mathcal{B} = N_1 =
Q \wedge IC, N_2, \ldots, N_l = N$ with $l \ge 1$. If we prove that for each pair of nodes $N_i$ and
$N_{i+1}$ belonging to $\mathcal{B}$ it holds that if

$P \cup \Delta\sigma'' \models_{3(\Re)} N_{i+1}$

then

$P \cup \Delta\sigma'' \models_{3(\Re)} N_i$

we have, by induction, that

$P \cup \Delta\sigma'' \models_{3(\Re)} Q\sigma'' \wedge IC$

Suppose $P \cup \Delta\sigma'' \models_{3(\Re)} N_{i+1}$, for some $i$. Due to the definition of CIFF branch,
each node $N_{i+1} \in \mathcal{B}$ is one of the successor nodes of $N_i$. If $N_{i+1}$ is obtained from $N_i$ by
applying a CIFF proof rule distinct from the Splitting rule, it follows immediately
that

$P \cup \Delta\sigma'' \models_{3(\Re)} N_i$

given that $N_{i+1}$ is the only successor node of $N_i$ and thus, from Proposition 4.3
we have that $N_i \equiv N_{i+1}$. If the Splitting rule has been applied, however, then the
node $N_i$ is of the form

$RestNode \wedge (D_1 \vee \ldots \vee D_n)$

and $N_{i+1}$ is of the form

$(RestNode \wedge D_i)$ for some $i \in [1, n]$.
It is obvious that the latter formula entails the former.
Summarizing, we have that

$P \cup \Delta\sigma'' \models_{3(\Re)} Q\sigma'' \wedge IC$

which implies that

$P \cup \Delta\sigma'' \models_{3(\Re)} Q\sigma''$, and
$P \cup \Delta\sigma'' \models_{3(\Re)} IC$. □

Proof of Theorem 

From the definition of failure CIFF derivation, $\mathcal{D}$ is a derivation starting with $Q \cup IC$
and such that all its leaf nodes are CIFF failure nodes which are equivalent to false.
Hence, due to Corollary 4.1 and the transitivity of the equivalence, it follows
immediately that:

$P \cup IC \models_{3(\Re)} (Q \wedge IC) \leftrightarrow false$

Because $IC$ occurs in both the left and the right hand side of the statement, we
have that

$P \cup IC \models_{3(\Re)} Q \leftrightarrow false$

and thus 

The proof of Lemma 4.1 requires some auxiliary definitions and results, given in the
sequel.

Definition Appendix A.1

An atom is a pure constraint atom if it is either a constraint atom or an equality
$t = s$ where either $t$ or $s$ is a non-Herbrand term.

For example the equality $X = 3$ is a pure constraint atom whereas the equality
$X = a$ is not.

Definition Appendix A.2 (Statically allowed implication)

An implication of the form $B \rightarrow H$ is statically allowed if and only if:

• each universally quantified variable occurring in $H$ occurs also in $B$;

• each universally quantified variable occurring in a negative literal or in a pure
constraint atom in $B$, occurs also in an atomic non-constraint atom in $B$;

• if a universally quantified variable in $B$ occurs only in an equality $t = s$ of $B$
then either $t$ or $s$ does not contain universally quantified variables.
Lemma Appendix A.1 (Static allowed implications lemma)

Let $(P, A, IC)_{\Re}$ be an abductive logic program with constraints such that the
corresponding CIFF framework $(Th, A, IC)_{\Re}$ and the query $Q$ are both CIFF statically
allowed. Let $\mathcal{D}$ be a CIFF derivation with respect to $(Th, A, IC)_{\Re}$ and $Q$. Let $F_i$ be
a CIFF formula in $\mathcal{D}$ and let $N$ be a CIFF node in $F_i$ such that each implication
(as a CIFF conjunct) in $N$ is statically allowed. Then, for each CIFF proof rule $\phi$
such that

Fi >- Fi+i, 

each node $N'$ in the set of CIFF successor nodes $\mathcal{N}$ of $N$ in $\mathcal{D}$ is such that each
implication (as a CIFF conjunct) in $N'$ is statically allowed.

Proof of Lemma Appendix A.1

We need to prove that each implication $I$ of the form $B \rightarrow H$ in each successor
node $N'$ of $N$ is statically allowed.

For all CIFF proof rules but (R1), (R2), (R3), (R9), (R11), (R12) and (R13) the
proof is trivial.

Unfolding atoms (Rl). This rule resolves an atom p{i) with its iff-definition 
[p{X) ^ Z?i V • • • V Dn] e Th. New implications can arise from negative literals 
(rewritten in implicative form) in some disjunct Di (i G [l,^^]). However, by as- 
sumption, Th is statically allowed and thus each universally quantified variable V 
occurring in a negative literal occurs elsewhere in a non-equality, non-constraint 
atom in the same disjunct. Hence any such newly introduced implication is stati- 
cally allowed. 

Unfolding v^rithin implications (R2). This rule resolves an atomp(t) in the body 
of an implication with its iff-definition [p{X) ^ Di V • • ■ V Dn] S T/i, producing n 
new implications /i, . . . ,/„ in the successor node of N. As for the previous case, 
since Th is statically allowed, each universally quantified variable V occurring in a 
disjunct Di {i £ [1,'T']) occurs elsewhere in a non-equality, non-constraint atom in 
the same disjunct. Hence each li {i G [Ij't-]) is a statically allowed implication. 

Propagation (R3). This rule resolves an atom $p(t)$ in the body of an implication
$I$ with an atom $p(s)$ as a CIFF conjunct in $N$, adding a new implication $I'$ in the
successor node of $N$, where $p(t)$ is replaced by $t = s$. By definition, all the variables
in $s$ are existentially quantified, hence the newly introduced implication is statically
allowed.

Equality rewriting in implications (R9). This rule handles an implication $I$
of the form $(t_1 = t_2 \wedge B) \rightarrow H$, replacing it with an implication $I'$ of the
form $(\mathcal{E}(t_1 = t_2) \wedge B) \rightarrow H$ in the successor node $N'$ of $N$.
Assume that $I'$ is not a statically allowed implication. There are two cases:

• a universally quantified variable $V$ in $H$ occurred in $B$ only in the equality
$t_1 = t_2$ and the application of $\mathcal{E}(t_1, t_2)$ has eliminated $V$. This can never
happen since, $I$ being statically allowed, cases (4) and (5) in the definition of
$\mathcal{E}$ do not apply;
• a universally quantified variable $V$ occurring only in $t_1 = t_2$ still occurs only in
an equality $t' = s'$ introduced by the application of $\mathcal{E}(t_1 = t_2)$, and both $t'$
and $s'$ contain universally quantified variables. This cannot happen either, since $t'$ is a
subterm of $t_1$, $s'$ is a subterm of $t_2$ and either $t_1$ or $t_2$ does not contain
universally quantified variables by the hypothesis that $I$ is statically allowed.

Substitution in implications (R11). This rule handles an implication $I$ of the
form $(X = t \wedge B) \rightarrow H$ (where $X$ is universally quantified and $X$ does not
occur in $t$), replacing it with an implication $I'$ of the form $(B \rightarrow H)[X/t]$ in
the successor node $N'$ of $N$. Since $I$ is statically allowed and $I'$ contains one less
universally quantified variable with respect to $I$, $I'$ is also statically allowed.

Case analysis for equalities (R12). This rule handles an implication $I$ of the
form $(X = t \wedge B) \rightarrow H$ (where $X$ is existentially quantified), replacing it
with a disjunctive node of the form
$[X = t \wedge (B \rightarrow H)] \vee [X = t \rightarrow false]$ (where all the variables in
$t$ in the first disjunct become existentially quantified) in the successor node $N'$ of $N$.
Since $X$ is existentially quantified, the implication $X = t \rightarrow false$ in the second
disjunct is statically allowed. Moreover, because all the variables in $t$ become
existentially quantified in the first disjunct, $B \rightarrow H$ is also statically allowed:
it contains fewer universally quantified variables than $I$, which is, by assumption,
statically allowed.

Negation rewriting (R13). This rule handles an implication $I$ of the form
$((A \rightarrow false) \wedge B) \rightarrow H$, replacing it with an implication $I'$ of the
form $B \rightarrow (A \vee H)$ in the successor node $N'$ of $N$. $I$ being statically
allowed, for each variable $V$ occurring in $A$, $V$ must also occur in a non-equality,
non-constraint atom in $B$ and thus $I'$ is also statically allowed because each variable in
$(A \vee H)$ occurs also in a non-equality, non-constraint atom in $B$.
□ 

Corollary Appendix A.1

Let $\langle P, A, IC\rangle_{\Re}$ be an abductive logic program with constraints such that the
corresponding CIFF framework $\langle Th, A, IC\rangle_{\Re}$ and the query $Q$ are both CIFF
statically allowed. Let $\mathcal{D}$ be a CIFF derivation with respect to
$\langle Th, A, IC\rangle_{\Re}$ and $Q$. Then each implication occurring in $\mathcal{D}$ is a
statically allowed implication.

Proof

Any implication in the initial node of $\mathcal{D}$ is statically allowed since
$\langle Th, A, IC\rangle_{\Re}$ and the query $Q$ are both CIFF statically allowed by
hypothesis. The result then follows directly from Lemma Appendix A.1. □



Proof of Lemma 4.1

We prove the Lemma by contradiction. Assume that there exists a CIFF derivation
such that R18 - Dynamic allowedness is selected. By definition of the Dynamic
allowedness rule, an implication of the form $B \rightarrow H$ is selected such that:

(i) either $B$ is true, or
(ii) $B$ contains constraint atoms only

and

(iii) no other rule applies to the implication.

Due to the definition of the CIFF proof rules, (i), (ii) and (iii) above imply that

(iv) either $B$ is true and $H$ contains universally quantified variables, or

(v) $B$ contains constraint atoms only, each constraint atom in $B$ contains universally
quantified variables, and each equality atom in $B$ is a pure constraint atom.

Note, in particular, that equalities in $B$ are pure constraint atoms since otherwise
R9, R11 or R12 would be applicable. In both cases (iv) and (v) the implication
is not a statically allowed implication, contradicting Corollary Appendix A.1. □



Proof of Theorem 4.3

By assumption, both $\langle Th, A, IC\rangle_{\Re}$ and $Q$ do not contain constraint atoms.
This means that the CIFF framework $\langle Th, A, IC\rangle_{\Re}$ and the CIFF query $Q$ are
also an IFF framework and an IFF query respectively. Moreover, the CIFF proof rules
are a superset of the IFF proof rules. It follows directly from the same assumption that
Case analysis for constraints and Constraint solving (which are all the CIFF rules
managing c-atoms) can never be applied in any derivation $\mathcal{D}$ for $Q$ with respect to
$\langle Th, A, IC\rangle_{\Re}$.

Moreover, the fact that both $\langle Th, A, IC\rangle_{\Re}$ and $Q$ are IFF allowed ensures
that they are also CIFF statically allowed. This is trivial because an IFF allowed query
is defined exactly as a CIFF statically allowed query, and the notion of CIFF static
allowedness and the notion of IFF allowedness for, respectively, a CIFF and an
IFF framework differ only in the CIFF static allowedness conditions over constraint
atoms. As $\langle Th, A, IC\rangle_{\Re}$ does not contain constraint atoms, the two notions
coincide for $\langle Th, A, IC\rangle_{\Re}$. Hence $\langle Th, A, IC\rangle_{\Re}$ is also a CIFF
statically allowed framework and thus, by Lemma 4.1, Dynamic allowedness is never
applied. This means that any derivation $\mathcal{D}$ for $Q$ with respect to
$\langle Th, A, IC\rangle_{\Re}$ is an IFF derivation and thus we can directly apply the
completeness result stated in (Fung and Kowalski 1997). □

Proof of Theorem 4.4

1. It is easy to see that

$P \cup IC \models_{3(\Re)}$

is equivalent to:

$P \cup IC \models_{3(\Re)} Q \leftrightarrow false$

Because $IC$ occurs in the left hand side of the statement, the above statement is
equivalent to:

(*) $P \cup IC \models_{3(\Re)} (Q \wedge IC) \leftrightarrow false$
Assume that there exists a CIFF successful branch in $\mathcal{D}$ and let $Ans$ be the
corresponding CIFF extracted answer. Due to the equivalence preservation of CIFF
rules (Proposition 4.1) and the transitivity of the equivalence, we have that

$P \cup IC \models_{3(\Re)} (Q \wedge IC) \leftrightarrow (false \vee Ans)$

which clearly contradicts the above statement (*), since $Ans$ is distinct from $false$
due to the soundness of CIFF.
2. Assume that all the branches in $\mathcal{D}$ are failure branches. Due to the equivalence
preservation of CIFF rules (Proposition 4.1) and the transitivity of the equivalence,
we have that

$P \cup IC \models_{3(\Re)} (Q \wedge IC) \leftrightarrow false$

which is equivalent to

$P \cup IC \models_{3(\Re)} Q \leftrightarrow false$

and to 

which clearly contradicts that 

□ 

Proof of Theorem 4.5

By Lemma 4.1 we have that, given a CIFF derivation $\mathcal{D}$ with respect to
$\langle Th, A, IC\rangle_{\Re}$ and $Q$, $\mathcal{D}$ does not contain undefined branches.
This is because the Dynamic Allowedness rule is never applied in $\mathcal{D}$ and this is the
only rule which gives rise to an undefined node. Due to the assumption that $\mathcal{D}$ is
finite, we have that all the final nodes in $\mathcal{D}$ are either successful or failure CIFF
nodes. Hence Theorem 4.4 can be applied to $\langle Th, A, IC\rangle_{\Re}$ and $Q$, thus
proving the statement. □